The ICO has published a draft document, ‘Children
and the GDPR guidance’, and is seeking views on that draft until 28
February. The consultation documents and supporting blog post can be accessed here.
In a blog post, the Information Commissioner acknowledges that the GDPR introduces new, specific legal responsibilities for organisations processing children’s data from 25 May 2018 and explains the drivers and origin behind the draft guidance:
‘Encouraging children to interact with creative and educational opportunities online is an increasingly important part of growing up. We have to allow kids to develop agency while ensuring their fundamental interests and rights are protected. This is an area of focus for the ICO.
We have sought expert opinion from a variety of sources, including academics, child advocacy services, NGOs and industry about how to do this.’
The consultation accepts that the guidance may have to take account of further Article 29 Working Party guidance and any further developments in the Data Protection Bill; Elizabeth Denham refers specifically to the amendment which will commit the ICO to producing a code of practice for data controllers on age-appropriate website design.