Children’s Code Policy

Children’s Code Policy

 

1.0 Background

Organisations should comply with the Children’s Code (‘Age Appropriate Design Code’) which requires information society services to put the best interests of the child first when they are designing and developing apps, games, connected toys and websites that are likely to be accessed by them.

The code sets standards and explains how the General Data Protection Regulation applies in the context of children using digital services. Organisations should conform to the code and demonstrate that their services use children’s data fairly and in compliance with data protection law. The code is a set of 15 flexible standards that provides built-in protection to allow children to explore, learn and play online by ensuring that the best interests of the child are the primary consideration when designing and developing online services.

DigiBete CIC wish to and do conform with the standards because we want to demonstrate our commitment to always acting in the best interests of the child.

2.0 Code standards

The code standards and DigiBete’s position are:

  • Best interests of the child: The best interests of the child should be a primary consideration.

DigiBete always takes the best interest of the child into account in developing our resources. We have provided a Children’s Code Policy to help evidence this and where data is gathered, we minimize collection and do not use children’s data for marketing purposes and comply with the relevant code standards.

 

  • Data protection impact assessments: Data protection impact assessments (DPIA) must be undertaken to assess and mitigate risks to the rights and freedoms of children.

DigiBete undertakes DPIAs where required and has updated our current DPIA to include the Children’s Code standards.

 

  • Age appropriate application: Organisations must take a risk-based approach to recognising the age of individual users and ensure they effectively apply the standards in this code to child users.

As part of the registration process, DigiBete collects the Date of Birth of users and then ensures the standards that apply are adhered to for those users. There are 5 “bands” or age groups, however the ones that apply to the DigiBete App are (13-15: early teens and 16-17: approaching adulthood).

 

  • Transparency: The privacy information provided to users, and other published terms, policies and community standards, must be concise, prominent and in clear language suited to the age of the child.

DigiBete are committed to transparency generally and have provided a clear, easily accessible Children’s Code Policy and made it available to users, alongside any other relevant policies.

 

  • Detrimental use of data: Children’s personal data must not be used in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.

DigiBete always uses data responsibly and in line with our published policies and procedures. We have provided a clear, easily accessible Children’s Code Policy and made it available to users, alongside any other relevant policies.

 

  • Policies and community standards: Organisations own published terms, policies and community standards (including but not limited to privacy policies, age restriction, behaviour rules and content policies) must be upheld.

This can be demonstrated by internal audits and policy reviews, e.g. Risk Reviews, Data Security & Protection Toolkit (DSPT), Cyber Essentials (CE) accreditation and NHS Data Technology Assessment Criteria (DTAC) accreditation.

 

  • Default settings: Settings must be ‘high privacy’ by default (unless you can demonstrate a compelling reason for a different default setting, taking account of the best interests of the child).

DigiBete comprises fully with this standard.

 

  • Data minimisation: Only the minimum amount of personal data you need, to provide the elements of your service in which a child is actively and knowingly engaged, should be collected and retained. Give children separate choices over which elements they wish to activate.

DigiBete only collects the minimum amount of data to provide the service required. Where any optional additional data is requested (eg. post code), this is agreed to separately by the user, on registration. This is demonstrated by our DPIA and current limited data collection practices.

 

  • Data sharing: Children’s data should not be disclosed unless you can demonstrate a compelling reason to do so, taking account of the best interests of the child.

DigiBete does not disclose or share data with third parties, other than anonymised data, gathered for internal reporting purposes, as part of our service or enhancing our resources.

 

  • Geolocation: Geolocation options should be switched off by default (unless you can demonstrate a compelling reason for geolocation to be switched on by default, taking account of the best interests of the child).

Geolocation is not used by DigiBete and is switched off by default. Google Anaytics is used to provide anonymised data at a Town/City level for internal reporting purposes, as part of our service or enhancing our resources.

 

  • Parental controls: If you provide parental controls, give the child age-appropriate information about this. If your online service allows a parent or carer to monitor their child’s online activity or track their location, provide an obvious sign to the child when they are being monitored.

The DigiBete web platform is open access and all content is child-friendly. Unsupervised access to the App is granted on registration for children over 13 years only.

 

  • Profiling: Profiling options should be switched off by default (unless you can demonstrate a compelling reason for profiling to be on by default, taking account of the best interests of the child).

DigiBete does not use profiling. The only dynamic content that we use is where we show the user information on the data they enter (eg. D.O.B) and the clinic they belong to.

 

  • Nudge techniques: Nudge techniques should not be used to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections.

DigiBete does not use Nudge techniques to request additional data items be provided by the user.

 

  • Connected toys and devices: If a connected toy or device is provided, you must ensure you include effective tools to enable conformance to this code.

Our resources do not support connected devices.

 

  • Online tools: Prominent and accessible tools should be provided to help children exercise their data protection rights and report concerns.

Contact details can be clearly found from the Settings menu to report any concerns or submit any queries.

 

3.0 Governance & Accountability

DigiBete has put systems in place to support and demonstrate our compliance with data protection

legislation and conformance to this code. These include implementing an accountability programme,

having suitable data protection policies in place, providing appropriate training for our staff and keeping

proper records of our processing activities.

 

All policies are reviewed at regular intervals, as required, by our directors and management committee and updated, as appropriate, to reflect changes in legislation and circumstances.

 

Any comments concerning this policy should be directed to hello@digibete.org