Friday, November 15, 2024
Home > ICO > New guidance to industry issued for game developers on protecting children

New guidance to industry issued for game developers on protecting children

  • The Information Commissioner’s Office sets the standard for ensuring games conform with data protection law.
  • 93% of UK children play video games.
  • Games providers should identify if their players are under 18, and the games themselves must not be detrimental to children’s well-being.

The Information Commissioner’s Office (ICO) has today issued a series of recommendations to game developers to help ensure they protect children when playing their games and comply with data protection laws. The recommendations are based on our experiences and findings during a series of voluntary audits of game developers, studios and publishers within the gaming industry.

These recommendations  will ensure that games conform with the Children’s code and should assist design and gaming communities embed data protection considerations when designing gameplay.

The Children’s code is a code of practice for online services likely to be accessed by children, and explains how the UK’s General Data Protection Regulation (UK GDPR) applies to children using digital services.

The information issued today includes recommendations for games designers and providers to ;

  • identify if players are under the age of 18 with a reasonable degree of certainty, and discourage false declarations of age;
  • ensure that games are not detrimental to children’s health and well-being, by including checkpoints and age-appropriate prompts to encourage players to take breaks from extended play or help them to disengage from extended sessions without feeling pressurised to continue playing or becoming fearful of missing out;
  • turn off behavioural profiling for marketing by default. If a child chooses to opt into receiving ads, you should implement measures to control or monitor product placement, advertising, or sponsorship arrangements including within community servers, where children can access community servers from within the game
  • discourage the use of “nudge techniques” to encourage children to make poor privacy decisions, including reviewing the marketing of social media competitions and partnerships to children and the encouraging of children to create social media accounts for fear of missing out on rewards.

Leanne Doherty, Group Manager at the Information Commissioner’s Office, says:

“Gaming plays a central part in so many young people’s lives, and the community and interaction around games can be a child’s first steps into the digital world. We want those first experiences to be positive ones, and the recommendations we’ve published today are there to support game developers.

“The Children’s Code makes clear that children are not like adults online, and their data needs greater protections.

We want children to be online, learning, playing and experiencing the world, but with the right protections in place to do so.”

93% of children in the U.K play video games, with younger children playing an average of two to three hours per day whereas older children are on average playing three or more hours.


Notes to editors

  1. For further information on the Children’s code, please visit our website: https://ico.org.uk/childrenscode
  2. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  3. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the UK General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
  4. The Government included provisions in the Data Protection Act 2018 to create world-leading standards that provide proper safeguards for children when they are online.
  5. As part of that, the ICO is required to produce an age-appropriate design code of practice to give guidance to organisations about the privacy standards they should adopt when offering online services and apps that children are likely to access and which will process their personal data. (A link to the Parliamentary debate, led by Baroness Kidron, is here.)
  6. The first draft of the code went out to consultation in April 2019. It was informed by initial views and evidence gathered from designers, app developers, academics and civil society. You can read the responses here.
  7. The ICO also sought views from parents and children by working with research company Revealing Reality. The findings from that work are here.
  8. To report a concern to the ICO, go to ico.org.uk/concerns.


Notable coverage

16 February –  The Evening Standard, The Sun and The Independent reported on our new industry guidance for game developers on protecting children.

Original Source