The UK's Age Appropriate Design Code is coming into effect from today, and companies now have 12 months to adapt their practices to the new rules.
Crafted by the Information Commissioner's Office, this code of practice aims at protecting children's data online. It sets 15 standards to "ensure that children have the best possible access to online services whilst minimising data collection and use, by default."
The ICO can fine companies up to 4% of their global turnover if they don't comply with data protection guidelines, the BBC reported.
The code's standards aim at severely limiting how much data is collected from children by online companies -- and that includes video games companies, as Baker McKenzie's Ben Slinn told us in May in an article detailing what the code means for the games industry.
"The best interests of the child should be a primary consideration when you design and develop online services likely to be accessed by a child," the code read.
Companies are now invited to assess if the code applies to them. In the case of games companies, they'll need to figure out if it applies to their existing games. Online firms will also need to establish with clarity the age of their individual users in order to be able to comply with the statutory code, and go through a Data Protection Impact Assessment.
Settings must be set on high privacy by default for children, the code added, and geolocation must be turned off by default. You can read ICO's Age Appropriate Design Code on this page.
The code was published in early 2020 following public consultation and was approved by Parliament on August 12.
Information commissioner Elizabeth Denham told the BBC: "A generation from now we will all be astonished that there was ever a time when there wasn't specific regulation to protect kids online. It will be as normal as putting on a seatbelt.
"This code makes clear that kids are not like adults online, and their data needs greater protections."