:format(jpeg)/cloudfront-us-east-1.images.arcpublishing.com/tgam/6TLFCQNUQZOVHBTC3GHCTSB2NU.JPG)
Within months of the Age Appropriate Design Code coming into effect in Britain, the big names in tech made positive changes.DADO RUVIC/Reuters
Elizabeth Denham, CBE, was information commissioner of the United Kingdom (2016-21) and information and privacy commissioner of British Columbia (2010-16). She is a trustee of 5 Rights, an international charitable organization that works to put children’s rights at the heart of digital design. She also works as an international adviser to Baker McKenzie’s data and tech practice.
Personal information drives our digital economies. It can open doors and build connections, but it also can be exploited or misused.
Privacy laws have provided a bulwark against careless or malicious actors for more than 20 years now. Only recently, however, have we seen laws designed around the special vulnerabilities of young people. The governments of British Columbia and Canada seem ready to establish legal protections for children online, 10 years after we gave the world a devastating example of why we need strong laws.
Since Amanda Todd died at 15 in 2012 after being a victim of cyberbullying and sexual extortion, young people’s risk of online harms has grown. Children spend an increasing amount of time logged on and from an ever-younger age. Technologies that draw people into the digital experience – engaging and sharing, creating content and consuming ads – have advanced at a dizzying rate. Recommendations, nudges, notifications, endless scrolls and popularity metrics pervade designs of the digital systems our children use. Social media, mobile gaming, streaming sites and online stores all generate vast amounts of data generated by users.
Digital threats to Canada’s young people involve incursions into privacy and connections with strangers. They also involve games, products and services that are addictive by design.
Two years ago, when serving as the British Information Commissioner, I worked with government agencies, stakeholders and both houses of Parliament to develop and introduce into law the Age Appropriate Design Code. It consists of 15 enforceable standards. Taken together, they hold tech companies accountable for children’s experiences on their platforms. Under the Code, firms cannot use children’s data in ways known to cause damage, such as by recommending harmful content or sharing profiles with strangers. At its core, the Age Appropriate Design Code mandates that companies put the interests of children first, by design and by default.
Within months of the Code coming into effect in Britain, the big names in tech made positive changes. Instagram banned adults from messaging children. It also turned off location tracking and introduced prompts that encourage children to take breaks from scrolling. Google made SafeSearch the default browsing mode for children and turned off YouTube’s autoplay function. TikTok recently made accounts for those under 16 private by default. Reasonable, even obvious, modifications like these are long overdue. And they have yet to be implemented universally. Even so, after recent changes to laws in Britain and the United States, we see a promising shift in legal requirements, sanctions for non-compliance and consumer expectations.
Britain’s first-of-its-kind Age Appropriate Design Code has already inspired legislation in other jurisdictions. In September, the California Age Appropriate Design Code was signed into law. And so, Silicon Valley’s home state now benefits from comprehensive online protections for children. Similar developments seem inevitable, with promising signs coming from other U.S. states as well as the Netherlands and Ireland. We see the emergence of a global standard for regulating tech toward children’s privacy, safety and autonomy in the digital realm.
With B.C. and Canada now modernizing private-sector privacy laws, I hope to see Canadian legislators take up the baton. And I hope that regions and nations will make co-ordinated efforts. Taking different approaches could slow down or even undermine the whole effort. Different standards could create regulatory loopholes that firms might exploit. Further, tech companies that adopt privacy-respectful processes deserve a straightforward set of expectations, irrespective of where they or their users may be.
To harmonize standards, Canadian lawmakers should look to existing regulation in Britain and California for inspiration. Establishing coherent global regulation will close loopholes and make compliance easy for an industry that will never be constrained by national borders. Any future made-in-Canada regulations should codify children’s existing rights. Then, we must let tech companies do what they do best: innovate to the desired outcome.
We must act urgently and thoughtfully. Lawmakers from around the world should work together to keep children safe in the digital world they have inherited. The internet must become a safe place for them to learn, play and connect with peers.