The latest developments include a recent correspondence on November 17th, 2021 between the 5Rights Foundation and the UK ICO (Information Commissioner’s Office.) The correspondence confirms new investigations are underway that are probing approximately 50 tech companies’ improper conduct with regards to the Age Appropriate Design ‘statutory code of practice.’ The latest information suggests that Google and Apple are among those being currently probed.

5Rights, UK ICO, And The Age Appropriate Design Code

Because of the hazards that social media poses to children, well-established legislation like the COPPA and foundations like 5Rights now exist to scrutinize how the digital design of products and services puts children at risk. 5Rights, “takes the existing rights of children and young people (under 18), and articulates them for the digital world.” In addition to charities like 5Rights and its many signatories including UNICEF and the NSPCC, official government bodies like the UK ICO are highly involved, having instated a 15-step code called “Age Appropriate Design“, which was passed on the 2nd of September, 2021. According to the UK ICO (ico.org.uk), Age Appropriate Design is, “the first of its kind, but it reflects the global direction of travel with similar reform being considered in the USA, Europe and globally by the Organisation for Economic Co-operation and Development (OECD).”

5Rights Letter to the UK ICO Reveals Substantial Investigation

Correspondence between the Founder and Chair of 5Rights Baroness Kidron, and the commissioner of UK ICO Elizabeth Denham dated October 8th and November 17th, 2021 respectively involves the topic of, “systemic breaches of the Age Appropriate Design Code (Children’s code).” The initial correspondence sent by 5Rights to the UK ICO stated that 5Rights conducted research in July and August 2021,  “testing products and services to identify gaps in compliance with the standards set out in the Code.” The research reflected in the “Summary of systemic breaches” section of the letter underlines the insufficient compliance of the tech industry to the code. In the reply sent from UK ICO to 5Rights, UK ICO commissioner Denham wrote that UK ICO is, “conducting an evidence gathering process to identify conformance with the code, and thus compliance with the underlying data protection law.” Denham also wrote that UK ICO is concentrating on intervening on, “operators of online services where there is information which indicates potential poor compliance with privacy requirements, and where there is a high risk of potential harm to children.” With the new research from 5Rights in hand, the UK ICO’s current focus is on, “social media and messaging; gaming; video content and music streaming” because “specific cases of non-conformance against thematic areas of concern” were found.

5Rights’ Summary of Systemic Breaches

5Rights have outlined a Summary of Systemic Breaches in their letter to the UK ICO that included the following points;

UK ICO Will be Proceeding With ‘Steps’ in 2022

The correspondence confirms that UK ICO has contacted 40 organizations that operate in high-risk sectors, and is in the process of contacting 9 more. UK ICO stated that they have already “written to 40 organizations across the three sectors” and that they hope to receive responses from, “all organizations by the end of December.” At this time, a full list of those in question has not been publicly disclosed. The UK ICO revealed a rough time frame for tech companies and corporations to comply with the new Code, “Our regulatory options will be based on that careful understanding and as such, I expect that we will progress to next steps in spring 2022.” In addition, Baroness Kidron has confirmed that she will be submitting formal complaints if companies and corporations do not comply with the ICO’s warnings.

Apple and Google Have Been Mentioned

Among the long list of tech companies and corporations that are under scrutiny are tech giants Apple and Google which have been marked by 5Rights as having breached points 2 and 9 of the Summary of Systemic Breaches. In the correspondence, the UK ICO confirmed that they have contacted both corporations about app age ratings “to enquire about the extent to which the risks associated with the processing of personal data are a factor when determining the age rating for an app.”

UK Data Protection Regulators Launch Investigation on Tech Companies - 40UK Data Protection Regulators Launch Investigation on Tech Companies - 75UK Data Protection Regulators Launch Investigation on Tech Companies - 41UK Data Protection Regulators Launch Investigation on Tech Companies - 80