What an extraordinary week for children's data privacy.
On the 12th August we had the ICO's long anticipated but heavily flawed Age Appropriate Design Code, which is intended to safeguard the processing of children's data, finally laid before Parliament with little but a whisper. It will come into force on 2 September with a 12 month transition period.
The very next day, we had the fruits of Ofqual's processing of kids personal data on a massive scale published in the recent A Level results fiasco - now the subject of a U-turn.
It's not clear how we ended up with a situation in which requiring companies to turn off by default data use for recommendations to children in online services appears to be prioritized over controls against the mass automated use of questionable algorithms to make decisions about children which will impact their entire futures. Ofqual claims that there was never any automated decision making in its 'standardisation' model (given there was some human intervention from teachers in initial scoring) but it is clear even the ICO has some question marks about general principles of fairness which are at the heart of data protection laws.
It is surely time that organisations and regulators focus on the basics of compliance with data protection requirements that are already in place, and have been for a while, rather than tinkering with new innovations and requirements. We don't really help kids unless we do.