The importance of protecting children online has been an ongoing dialogue from the dawn of digital services. The Information Commissioner's Office has now taken concrete steps towards protecting children's personal data online by publishing its final version of the Age Appropriate Design Code. Following a consultation period, the final version of the Code introduces 15 standards for digital services to comply with including high default privacy settings, protection against nudge techniques, parental controls and an emphasis on transparency.

Following the data protection mantra of 'data protection by design', this Code requires providers of digital services to build in data protection safeguards to their online products and services to protect the rights and personal data of children. The Code was mandated by the Data Protection Act 2018 and compliments the GDPR (which provides its own additional safeguards for children), although some have argued it is too broad and vague to achieve its purpose.  

With one in five UK internet users being a child, organisations that operate in the online space need to be aware of the impact their services could have on children. While the code still needs to be laid before Parliament before it takes effect, it's hard to imagine a future where children's privacy is not a paramount concern in the development of digital services.