m →Contents: Nudging is real, in theory, and there's only ever always been just that one (practical) way toward ANY hypothetical option (a common code).
The Children's Code is a [[code of practice]] enforceable under the [[Data Protection Act 2018]], and is consistent with GDPR and the [[Convention on the Rights of the Child]]. It specifies design standards for any information society services (ISS, which includes websites, software and apps, and [[connected toys]]) that are likely to be used by a [[Minor (law)|person under the age of 18]], and is based in or serves users within the United Kingdom.<ref name=":2" /><ref name=BBC/>
The Codecode requires that services be designed in the "best interests" of children, including their physical and mental health, protecting them from being exploited commercially or sexually, and acknowledging parents and caregivers' roles in protecting and supporting their child's best interests.<ref name=":2" />
The Codecode specifies that when used by a child, online services must use their highest privacy settings by default, unless there is a "compelling" reason to do so while keeping into account the best interests of the child. This includes not allowing access to data by other users, [[___location tracking]], or behavioural profiling (such as [[algorithmic curation]] and [[targeted advertising]]).<ref name=":2" /> The amount of data collected from children must be minimized, only collecting data that is strictly necessary to deliver service elements that a child is "actively and knowingly engaged" in. A service may not disclose a child's personal data to a third party without a compelling reason to do so.<ref name=":2" />
Services must present their [[privacy policy]], privacy options, and data export and [[Data erasure|erasure]] tools in clear and age-appropriate means. They must not use [[dark patterns]] to "[[Nudge theory|nudge]]" children towardstoward options that reduce their privacy.<ref name=":2" /> The Codecode recommends that privacy settings and tools be tailored to the needs of specific age groups.<ref name=":2" /> Per GDPR, a user must be at least 13 years old to give verifiable consent to data processing; verifiable consent must be given by the child's parent or custodian.<ref>{{Cite web |title=Age of consent in the GDPR: updated mapping |url=https://iapp.org/resources/article/age-of-consent-in-the-gdpr-updated-mapping/ |url-status=live |archive-url=https://web.archive.org/web/20180527023437/https://iapp.org/resources/article/age-of-consent-in-the-gdpr-updated-mapping/ |archive-date=27 May 2018 |access-date=26 May 2018 |website=iapp.org}}</ref><ref name="privacy association">[https://www.privacyassociation.org/media/presentations/A12_EU_DP_Regulation_PPT.pdf "How the Proposed EU Data Protection Regulation Is Creating a Ripple Effect Worldwide"]. Judy Schmitt, Florian Stahl. 11 October 2012. Retrieved 3 January 2013.</ref>
