Policy Briefing — UK Age Appropriate Design Code finalised with 12-month transition

Executive briefing: The statutory code under the UK Data Protection Act 2018 requires online services to apply the best interests of the child, geolocation and profiling switches off by default, and transparent notices written for age groups. Organisations have 12 months from the 12 August 2020 publication to implement the 15 design standards before ICO enforcement begins on 2 September 2021.^{Code sections 2, 3; pp. 20–23}

Operational steps

• Service inventory. Map products likely to be accessed by children and document risk ratings, DPIAs, and age assurance approaches.
• Design controls. Disable geolocation and profiling by default for child users, and ensure nudge techniques do not lower privacy.
• Evidence packs. Prepare transparency pages and governance records demonstrating board oversight and escalation routes for children’s data risks.

Sources

• ICO Age Appropriate Design Code
• ICO news release on the final code

Related briefings

Curated signals from the same pillar or overlapping topics.

Policy · Credibility 92/100 · August 26, 2020

Compliance Briefing — August 26, 2020

Execution playbook for complying with the SEC's August 2020 human capital disclosure amendments, covering governance, data architecture, internal controls, and communication strategies.

Policy · Credibility 92/100 · August 14, 2020

Policy Briefing — California OAL approves final CCPA regulations effective immediately

The California Office of Administrative Law approved the Attorney General’s CCPA regulations on August 14, 2020, filing them with immediate effect and clarifying notices, request handling, and verification standards.

Policy · Credibility 92/100 · August 12, 2020

Policy Briefing — UK Children’s Code Finalised

Comprehensive implementation roadmap for the UK ICO’s Age Appropriate Design Code, outlining governance, product design, data minimization, and international alignment steps for digital services impacting children.

Policy · Credibility 92/100 · September 10, 2020

Compliance Briefing — September 10, 2020

Implementation roadmap for MAS's Individual Accountability and Conduct Guidelines, detailing responsibility mapping, conduct risk controls, outsourcing governance, and leadership actions.

Policy · Credibility 93/100 · September 18, 2020

Policy Briefing — Brazil’s LGPD enters into force with immediate controller obligations

Brazil’s Lei Geral de Proteção de Dados became effective on 18 September 2020, activating lawful basis, transparency, data subject response, and processor oversight duties ahead of administrative sanctioning in August…

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Semiconductor Industrial Strategy Policy Guide — Zeph Tech

  Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.

• Digital Markets Compliance Guide — Zeph Tech

  Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…

• Export Controls and Sanctions Policy Guide — Zeph Tech

  Integrate U.S. Export Control Reform Act, International Emergency Economic Powers Act, and EU Dual-Use Regulation requirements into trade compliance, engineering, and supplier…