Neither blessed with a catchy title nor immediately in force, the Age Appropriate Design Code grabbed few headlines when it was issued by the Information Commissioner (ICO) in 2020. Now re-badged as the Children’s Code and in force from 2 September 2021, it is being feted as an early blow in the UK government’s wider campaign against online harms and in particular the risks to the privacy of minors. Broadly drawn, both in terms of the online service providers affected and its geographic reach, the Code provides guidance on safeguards for the online treatment of children’s personal data, with compliance underpinned by the potentially severe enforcement powers of the UK GDPR. Sensing the way the wind was blowing, the tech titans had already modified their services, spurring calls for similar measures in other countries. Misgivings over the ambit and practical impact of the Code remain, however, particularly in relation to the thorny issue of age-verification.

Read more

Partner Julian Hayes is interviewed on potential developments for UK data protection regulations.

“Treasure trove’ and ‘gold mine’ are descriptions which jar when describing the sensitive health care data recorded by GPs in countless daily consultations up and down the country in the expectation of doctor-patient confidentiality. Yet, this is how some people perceive the patient records of 55 million citizens which the UK Government plans to make available to a variety of users in pseudonymised form in a scheme unveiled without fanfare in May 2021, formally known as the General Practice Data for Planning and Research. Supported by David Davis MP, an assortment of medical bodies, charities and privacy campaign groups have forced a Government rethink – at least for now.