On February 16, 2023, the UK Information Commissioner’s Office (“ICO”) released guidance for the video game industry on how to conform with the UK’s Age Appropriate Design Code when developing video games. This blog post summarizes the ICO’s recommendations for video game developers and designers when creating video games that are likely to be accessed by children under the age of 18. For more information about the UK’s Age Appropriate Design Code, see our previous blog posts here and here.

The main takeaways of the guidance are as follows:

  1. Risk assessment. Game developers and designers should conduct a risk assessment before offering their games on the market to make sure data privacy considerations are taken into account, and children’s privacy is protected;
  • Age verification. Game developers and designers should identify with a reasonable degree of certainty whether players are under the age of 18;
  • No detriment on health and well-being. Game developers and designers should ensure that their games are not detrimental to players’ health and well-being (e.g., by automatically saving progress in a game, and creating natural breaks in gameplay) and be transparent about privacy risks that result from changes made in privacy settings;
  • Parental oversight. Game developers and designers should consider providing parents with “real-time alerts” about their children’s activities and information on how to better protect their children in an online environment;
  • Profiling and targeted advertising. Game developers and designers should ensure that behavioral profiling for marketing is turned off by default and players receive age-appropriate information on profiling and marketing advertising. For instance, developers should ensure that the opt-in consent for marketing is separate from the acceptance of Terms of Service and Privacy Policy when players create a new account; and
  • Nudging. Game developers and designers should discourage the use of “nudge techniques” to avoid a potential reduction of children’s protection in privacy settings. For example, children should not be encouraged to create or link their social media accounts to games in exchange of rewards or discounts.

***

Covington’s Data Privacy and Cybersecurity Team will continue to monitor developments in children’s privacy in the gaming industry. Our team is happy to assist with any inquiries relating to children’s privacy, and other tech regulatory matters.

Tags: Children's Privacy, Gaming, UK Information Commissioner's Office (ICO)
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.

Read more about Dan CooperEmail
Show more Show less
Photo of Sam Jungyun Choi Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous…

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.

Read more about Sam Jungyun ChoiEmailSam Jungyun's Linkedin Profile
Show more Show less
Diane Valat

Diane Valat is a trainee who attended IE University.

Email