What an extraordinary week for children's data privacy.
On the 12th August we had the ICO's long-anticipated but heavily flawed Age Appropriate Design Code, which is intended to safeguard the processing of children's data, finally laid before Parliament with little more than a whisper. It will come into force on 2 September with a 12-month transition period.
The very next day, we had the fruits of Ofqual's processing of kids' personal data on a massive scale published in the recent A Level results fiasco - now the subject of a U-turn.
It's not clear how we ended up in a situation where requiring companies to turn off, by default, the use of children's data for recommendations in online services appears to be prioritised over controls against the mass automated use of questionable algorithms to make decisions about children that will affect their entire futures. Ofqual claims that there was never any automated decision-making in its 'standardisation' model (given there was some human intervention from teachers in initial scoring), but it is clear that even the ICO has some question marks about the general principles of fairness which are at the heart of data protection laws.
It is surely time that organisations and regulators focus on the basics of compliance with data protection requirements that are already in place, and have been for a while, rather than tinkering with new innovations and requirements. We don't really help kids unless we do.
The Secretary of State laid the Age Appropriate Design Code before Parliament under section 125(1)(b) of the Data Protection Act 2018 (the Act) on 11 June 2020. The ICO issued the code on 12 August 2020 and it will come into force on 2 September 2020 with a 12-month transition period.