Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, what assessment he has made of the adequacy of the powers available to the Information Commissioner’s Office to enforce their guidelines on online child safety.

The Information Commissioner's Office (ICO) is responsible for regulating compliance with data protection legislation. The Government's Data Protection Bill will strengthen legislation around data protection and give the Commissioner tougher powers to ensure that organisations comply.

As part of this Bill, the Information Commissioner’s office will now be responsible for producing a new statutory age appropriate design code for online services which are likely to be accessed by children. This code will help ensure that children in the UK are granted a robust data regime so they are able to access online services in a way that meets their age and development needs. It will ensure that websites and applications are designed in a way that makes clear what data is being collected on children, how this data is being used, and how both children and parents can stay in control of this data. Non-compliance with this code will be a factor in any ICO decision to bring forward enforcement action against websites that do not comply with the GDPR.

The Information Commissioner provides guidance and works with organisations to build compliance. There are a number of tools available to the ICO to ensure compliance with GDPR, including criminal prosecution, non-criminal enforcement and audit. For those who commit serious breaches there are significant financial penalties including fines up to £18 million or 4% of global turnover that can be applied as well as the backstop of criminal prosecution.