Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, what steps his Department is taking to help prevent apps from accessing the personal data of children without the permission of a parent or guardian.

We take the protection of personal data very seriously, particularly when it relates to children and young people. Apps that process personal data must comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Apps that offer online services need to obtain parental consent to the processing of personal data for children who are under the age of 13. By law they must also make reasonable efforts to verify that the person providing consent holds parental responsibility for the child. Organisations which fail to comply with this obligation may be subject to enforcement action by the Information Commissioner’s Office (ICO).

The Data Protection Act 2018 also introduced a requirement for the ICO to produce a statutory code of practice on age-appropriate design. This code will ensure websites and apps are designed in a way that makes clear what data is being collected on children, how this data is being used, and how both children and parents can stay in control of this data.

The ICO’s consultation on the age-appropriate design code of practice closed on 5 December 2018. Further information about the consultation is available on the ICO’s website at ico.org.uk