Imagine your 10-year-old niece browsing the digital world unsupervised, encountering content that’s inappropriate for her age. She stumbles upon violent content, explicit images, or harmful language that could have a lasting impact on her mental health, physical health, and overall well-being. It’s a scary thought, isn’t it?

Age Appropriate Design Code is a crucial regulation introduced to protect children online. Under the Age Appropriate Design Code, it’s not just about what content children can access, but also how their data is used — highlighting the importance of robust age verification systems.

What Is the Age-Appropriate Design Code?

The Age Appropriate Design Code, often referred to as the Children’s Code, is a set of 15 standards that online services must follow to protect children’s privacy and ensure their online safety. These standards aim to provide a default baseline to protect children’s data and apply to any online service product or feature that is likely to be accessed by children, including apps, online games, and websites. The code addresses critical aspects such as data privacy settings, nudge techniques, and data sharing.

The concept of the Age Appropriate Design Code first originated in the United Kingdom under the Data Protection Act 2018. The UK Information Commissioner’s Office (ICO), the country’s independent authority set up to uphold information rights, introduced this code as a significant step toward safeguarding children’s online privacy. It came into effect in 2021.

Several businesses have already implemented the Age Appropriate Design Code, and the results have been overwhelmingly positive. For example, the Google Play Store now prevents kids under 18 years from downloading apps that are not suitable for them. Likewise, TikTok and Instagram have disabled direct messages between minors and adults who are not in their followers’ lists.

Following its success, the concept was adopted in California, United States, under the California Consumer Privacy Act (CCPA). The California Age Appropriate Design Code further modified and enhanced the standards to suit the local context, placing a clear emphasis on protecting child users in the digital era.

“Age-appropriate design” refers to the principle of developing online services in a way that provides built-in protection for children. It ensures that the online service is suitable for their age and comprehension levels. The online service must put the child’s privacy, safety, and well-being before their own interests. This safeguards them from harmful content and preserves their privacy on online platforms.

This involves taking into account the age range of the audience, the complexity of the service provided, and the ability of children at different stages of development to comprehend data protection information.

As a guide, the ICO highlights the following age ranges:

0 years to 5 years: pre-literate and early literacy

6 years to 9 years: years core primary school years

10 years to 12 years: transition years

13 years to 15 years: early teens

16 years to 17 years: approaching adulthood

This principle is at the heart of the Age Appropriate Design Code, ensuring that children can explore, learn, and play online without jeopardizing their safety and privacy.

Why is the Age Appropriate Design Code Important For Online Services?

Even underage children are often treated as adults in the data practices in the digital realm. Their data points are routinely accessed, intensively collected and used without their genuine consent or comprehension of the implications. In reality, children may not fully grasp the terms and conditions of data usage and the potential risks associated with data sharing.

They may unknowingly permit the collection and use of their sensitive personal information, unaware of how the personal information collected could be manipulated or misused. This occurrence is alarmingly frequent, emphasizing the urgent need for the application and adherence to the principles of the Age Appropriate Design Code.

Did you know that by the time a child is 18 years old, an estimated 70,000 data points will be collected by online services about them?

The glaring failure of businesses to provide age-appropriate data protection to children led to the creation of stringent laws. The pervasive practice of capturing, utilizing, and often exploiting children’s data without their informed consent catalyzed a significant number of legislative actions worldwide. These new laws aim to safeguard children’s online presence, enforcing businesses to cognizantly design their services, keeping in mind the vulnerability and innocence of their underage users.

The UK’s Age Appropriate Design Code has been instrumental in setting robust standards for online services, emphasizing the need to consider age when designing digital platforms. This law demands transparency, privacy by default, and the minimization of data collection. In California, the law pushes the envelope further by reinforcing the obligation of businesses to protect children’s personal information, ensuring the implementation of age-appropriate safeguards and strict adherence to data privacy norms.

What Is the California Age Appropriate Design Code?

The California Age Appropriate Design Code is a legislative regulation that mandates businesses and online platforms to implement age-appropriate design concepts and proactively safeguard children under the age of 18 who are California residents from potential risks on the internet. This involves minimizing unnecessary data collection, prioritizing data security, and ensuring that digital interfaces are designed in the best interests of children.

The code also requires businesses offering online services to make reasonable efforts to use visual aids, appropriate font sizes, and clear language suited to the age of the child when presenting terms of service agreements or community standards to them. This ensures that children are able to understand the terms and conditions they are agreeing to and have actual knowledge to make informed decisions about their online activities.

For example, if a business allows the child’s parent, guardian, or other consumer to track the child’s real-time location, the business needs to provide an obvious sign to the children when their location is being tracked. Similarly, they must provide a compelling reason for collecting sensitive data, such as biometric information or precise geolocation for young people.

Non-compliance with these mandates can result in a significant amount of penalties. For example, the California Attorney General has the authority to impose civil penalties of up to $2,500 per child affected in aspects relating to negligent violation, and $7,500 per child for an intentional violation. These penalties serve as a deterrent, encouraging businesses to prioritize children’s online privacy and adhere strictly to the code’s requirements.

Comparing the UK and California Age Appropriate Design Codes

Both the UK and California’s Age Appropriate Design Codes share a common objective – the protection of children’s online privacy. However, the manner in which they approach this mission exhibits some noteworthy differences.

The UK’s code strongly emphasizes age-appropriate design, mandating online service providers to prioritize privacy and data protections for children. It underscores the importance of transparency and insists on the implementation of default privacy settings, minimizing the collection of children’s data wherever possible.

In contrast, California’s code supplements these principles with increased responsibility for business’s data management practices. It not only expects digital platforms to adopt age-appropriate designs but also demands them to proactively protect children from potential online risks. This translates into more robust safeguards and strict adherence to privacy norms, ensuring that businesses shoulder a greater share of responsibility in preserving children’s data privacy.

To Whom Does the California Age Appropriate Design Code Apply?

The California Age Appropriate Design Code applies to all online businesses that fall under the definition of a “business” according to the California Consumer Privacy Act (CCPA), and that offer online products, services, or features that are “likely to be accessed” by children. If any of the following six indicators are present in an online service, product, or feature, there is a high likelihood that it will be accessed by children:

  1. Focus on children, as delineated by the Children’s Online Privacy Protection Act.
  2. Regular access by an audience composition of a substantial number of children.
  3. Advertisements marketed towards children.
  4. If there is a notable resemblance to an online service, product, or feature that is regularly utilized by a considerable number of children.
  5. Design elements that are appealing to children.
  6. The majority of the audience comprises children.

How Can Businesses Prepare for the California Age Appropriate Design Code?

The California Age Appropriate Design Code takes effect on July 1, 2024. Businesses and organizations have until this date to ensure that their online platforms, websites, and mobile apps are compliant with the code’s requirements.

To prepare for compliance, businesses can take these steps:

  • Conduct internal company research: Businesses should conduct an internal review of their data collection and processing practices to determine if they are targeting children under the age of 18. This will help businesses understand which aspects of the code apply to them.
  • Prepare for Data Protection Impact Assessment (DPIA): Businesses need to review any new online service or product features and assess their impact on children’s privacy. They also need to review DPIA every two years to ensure continued compliance with the code.
  • Verify age of users: Businesses should have a mechanism in place to verify the age of their users. This can include obtaining consent from a parent or guardian, requesting government-issued identification, or using a trusted third-party age verification system.

Understanding Age Verification

Digital age verification is a simple process that ensures a user is of the appropriate age to access certain online services or content. It can be carried out using different age assurance methods like:

  • Age gating: This method is commonly used by social media platforms and other online services that require users to create an account. While this method is easy to implement, it is not foolproof as users can easily input a false date of birth.
  • Age verification: Age verification is a more secure method to verify a child’s age. This is done using identity verification solutions. These systems require users to provide government-issued identification, such as a driver’s license or passport, to verify their age. The document is then checked against a reputed database to ensure its validity. Advanced systems may also require facial recognition or biometric verification for added security.
Age verification solution

Further read: Age gating vs age verification

Is Age Verification Required for Your Business?

Driver's license verification

Yes, age verification may be required depending on the nature of your business. Industries where age verification is crucial include:

  • E-commerce: Websites selling age-restricted products such as alcohol or nicotine need robust age verification.
  • Streaming Platforms: Age verification is necessary for platforms that stream age-rated content.
  • Bank and Financial Services: Banks and financial institutions may require age verification to comply with Know Your Customer (KYC) regulations.
  • Gaming: Online gaming platforms need to verify the age of users as many games have age restrictions.
  • Dating Apps: Age verification is vital for dating apps, especially when minors are not allowed on the platform.

The Imperative of a Comprehensive Identity Verification Solution

How HyperVerge age verification works

Age verification has become more crucial than ever before. HyperVerge offers cutting-edge end-to-end identity verification solutions that cater to the rising need for age and identity verification. With its document verification, phone verification, and database checks, HyperVerge’s solution ensures maximum security while offering a seamless user experience. Sign up now to experience the superiority of our technology for yourself.