Although not being official legislation itself and therewith not legally enforceable, the Code is based upon laws and regulations that are legally enforceable, such as the UN Treaty on Children's Rights and the (EU) General Data Protection Regulation. The Code is also endorsed by the Netherlands Authority for Consumers and Markets (de "Autoriteit Consument & Markt"). In light of the foregoing the Code is expected to gain traction in the market and is thus of relevance to those involved with the design, development and/or distribution of digital products.
The ten principles of the Code for Children's Rights
The complete Code can be found here, but is currently only available in Dutch. Below we list the ten basic principles from the Code and provide some insight into what's behind these principles.
1. Put the child's best interest first in design
"The child's best interest" is to be read as meaning anything relation to the wellbeing of a child and should be taken into consideration whenever the product or service could be potentially used by children; the leading principle is whether a child could be using the digital product or service, not whether said product or service is specifically aimed at children.
2. Involve children in the design process
Children should have a say from the very first moment of designing and developing a digital product or service, taking into consideration UNICEF's Guidelines and the British Age Appropriate Design Code.
3. Limit the processing of personal data
The rule of thumb should be: data-minimalization, that is to say: process as little data as possible. Where data is processed, it is of the utmost importance that the collected data is only used for the purpose for which the data was obtained.
4. Provide transparency in a way that is understandable and accessible to children
Information provision to children needs to be done in a way that is recognizable, accessible and understandable for children, preferably by using pictograms, cartoons and interactive content. Transparency is of particular importance when it concerns information related to additional costs in apps or games (often requested for add-on functionalities).
5. Conduct a child rights privacy impact assessment
Always make a privacy impact assessment when the data of children is being processed. For the steps that need to be followed, the Code primarily refers to the British Age Appropriate Design Code.
6. Provide a child-friendly privacy design
Guidance is given as to what constitutes a "child-friendly privacy design". For example, default settings in which the geolocation is not shared and the microphone and camera are switched off, as well as the option to stay fully anonymous.
7. Avoid data profiling of children
The functions for data profiling should in principle be turned off when children are concerned. In any case, combining different forms of profiling in a single privacy setting is not permitted.
8. Avoid economic exploitation of children at all times
Games and advertisements must not mislead children into purchases. In-app purchases by children must in principle only be made with parental consent – and games with in-app purchases should be clearly labelled as such and must not be labelled as "free games" or similar terms. The Code also refers to the rules in the Dutch Advertising Codes on Child and Youth advertising and on Social Media & Influencer Marketing.
9. Avoid harmful design for children at all times
Guidelines are provided on how to protect children from potentially addictive activities and/or harmful content. For example, avoiding time-bound assignments (as these can be addictive), providing the option for taking a break without having to restart the game, and/or limiting excessive notifications.
10. Develop industry guidelines focused on protecting children's interests and rights
Companies are stimulated to work on self-regulation to further the protection of children's rights in the digital world. Useful starting points for industry guidelines are UNICEF's Guidelines "Children's Rights and Business Principles" and "Child Online Protection Guidelines for the ICT Sector".
Authored by Samantha Brinkhuis and Lenneke van Gaal