The Information Commissioner’s Office recently issued seven recommendations to help games developers comply with the Children’s Code (the Code) and ultimately help protect children that play their games. In this article, we consider the ICO’s recommendations and explain what they mean for developers.
Conduct risk assessments
Developers are encouraged to consider how popular their games may be among children and any associated risks their games might pose. This includes consulting with external stakeholders, including children, by gathering feedback, carrying out public consultations and conducting user testing or contacting relevant children’s rights groups for their opinions. Developers should also think about completing a Children’s Rights Impact Assessment.
The aim here is to gather data and assess the risk presented by specific games. Although the data may itself be difficult and time consuming to collate, the tailored nature of the data is likely to be valuable and may also be useful for sequels or otherwise similar games.
Know your players' ages
Developers are invited to consider the age range of players that play their games, and to consider the different needs associated with children at different stages of development. This involves identifying the age of players if under 18, investigating potential age assurance solutions, discouraging players from providing false ages, and implementing age assurance solutions.
The ICO suggests the use of a cooldown mechanism to stop users from returning to a previous page to insert a fake but acceptable age after inserting a real age. Another suggestion is to explore access to a data-free core element of the game until parental consent is confirmed or age assurance measures are put in place.
Developers must be clear and transparent about what data they are gathering, how they are gathering it, and allow their service users to properly understand how their data is being used. The ICO suggests running research to trial child friendly privacy information, displaying transparency information based on ability rather than age, and designing alternative and more effective ways of communicating privacy information to children. The hope is to express privacy information to children in a way that is easy to understand and makes sense for them.
Prevent the detrimental use of children’s data
Games developers should process children’s personal data in a way that is not detrimental to their health or wellbeing. Optional uses of personal data should be off by default and only activated after valid consent has been obtained from the player. As children are particularly vulnerable to marketing influences the ICO also recommends monitoring and controlling product placement, advertisement, and sponsorship arrangements within games.
The ICO also recommends designing games in a way to nudge players into taking breaks from extended play, such as by introducing checkpoints, automatic saving, and natural in-game interludes.
Set privacy settings and parental controls
The ICO wishes to ensure developers implement safeguarding measures by working with parents who can oversee and further protect their child as they play a game. The ICO highlights the benefits of developers encouraging players to activate high privacy settings and warning users of the risks around lowering privacy levels.
Allowing parents to monitor their children’s activities, for example by providing them with “real time alerts” where it is in the children’s best interest is recommended. Settings to prevent children from interacting with unknown people who are potentially adults should be implemented, such as friend request restrictions.
The ICO recommends turning off behavioural profiling for marketing by default. Developers should not be so quick to understand the preferences of children that play their games, thereby preventing children from being ‘targets’ of predatory advertising. This involves monitoring third-party advertisers and ensuring they only advertise age-appropriate content in-game, and encouraging parents to get involved with their children to assist them to double check that profiling is turned off.
Profiling options have become popular on social media apps where a message will pop up on the users’ screens and ask them if they want advertisements to be tailored to what they (seem to) enjoy. With the rise in popularity of free-to-play games, where third party advertisements are crucial to generating profit, this is something developers should remain conscious of.
Implement positive nudge techniques
The final ICO recommendation is to avoid using nudge techniques that lead children to make poor privacy decisions, and instead implement techniques that lead them to make good privacy decisions. A key part of this involves developers first knowing what good privacy decisions look like.
The ICO suggests assessing and documenting the risks of introducing time-limited or one time only offers on items targeted at children, using neutral purchase button designs to avoid children from being enticed to buy, introducing refund periods, and reviewing competition and partnership communications.
How can we help?
If you have any questions about processing children’s data or how you can ensure data protection compliance as a game developer, please contact a member of our Data Protection and Cyber Security team.
This article was co-written by Ussamah Nasar, Trainee Solicitor.