The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

Regulatory and Statutory Update

7 September 2021

Children’s Code, in with the new Commissioner, out with the GDPR

August was a typically slow month for judicial decisions. It was an unusually busy month in other ways.

Elizabeth Denham’s term as Information Commissioner ends on 31 October 2021, following an extension which was agreed in January of this year. When that extension was announced, the Commissioner said that this year would see the end of the transition period for the Age Appropriate Design Code and that the Code would start to have a real impact. Also known as the Children’s Code, the Code “sets out 15 standards of age appropriate design reflecting a risk-based approach. The focus is on providing default settings which ensures that children have the best possible access to online services whilst minimising data collection and use, by default.” The first rule is that the best interests of the child should be a primary consideration when one designs or develops online services likely to be accessed by a child. One rule is against the use of “nudge techniques”, being design features (such as a disproportionately prominent “yes” button) which encourage children to provide unnecessary personal data or turn off privacy protections. Another rule provides that privacy information should be in terms which are suited to the age of the child and therefore are transparent. In respect of enforcement, the Code states that where the ICO sees harm or potential harm to children, they will likely take more severe action against a company that would be the case for other types of personal data.

On 26 August it was announced that the next Commissioner would be John Edwards, subject to the approval by the DCMS Committee and the Queen. John Edwards is the current New Zealand Privacy Commissioner. In 2017, Edwards described Facebook as “morally bankrupt liars” on his personal Twitter page, writing that “Facebook cannot be trusted” and using the creative hashtag #dontgiveazuck. Edwards was a lawyer in private practice for twenty years before becoming Privacy Commissioner.

At the same time as announcing the intended appointment of John Edwards, the Government published a Mission Statement on International Data Transfers. At the time of publication, the Secretary of State said that the Government plans on “reforming our own data laws so that they’re based on common sense, not box-ticking”. The Mission Statement is relatively light on the detail of how this will be achieved, but it describes the UK’s plans as “ambitious and diverse” and that “this is reflected in the UK’s flexible approach to adequacy”. It included a list of the UK’s priority destinations for data adequacy: Australia, Brazil, Colombia, Dubai, India, Indonesia, Kenya, South Korea, Singapore and the USA. Some commentators have observed that too flexible an approach and too significant reformation of UK laws will put in jeopardy the data adequacy decision that the EU recently made in favour of the UK.

Further reading

ICO statement on Children’s Code

Children’s Code

Elizabeth Denham’s statement on John Edwards

UK Mission Statement

The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.

Visit the Information Law, Data Protection and AI area

Search The Data Brief

Portfolio Builder

Select the practice areas that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)