Robert Bond (firstname.lastname@example.org) is Senior Counsel & Notary Public at Bristows LLP in London, UK.
In the European Union, children’s data need to be processed in line with the General Data Protection Regulation (GDPR), and organizations that offer goods and services to children must now also take into account the Age Appropriate Design Code, which has recently been published by the UK regulator, the Information Commissioner’s Office. Children are considered to be all individuals under the age of 18.
The same rights and protections apply to children under the GDPR as apply to adults. However, extra care is needed here when fulfilling the data controller obligations, and different steps will have to be taken to ensure children obtain the correct level of protection. The code offers practical guidance on how to meet these obligations. The main tenets are: