As fun as video gaming is, there is room for improvement, especially when it comes to developing titles for children. Since studios weren’t changing on their own, the UK’s Information Commissioner’s Office (ICO) took action in September 2020 with the Age Appropriate Design Code.
Now, Congress is urging US companies to follow suit, but what does this Code actually involve? Here's everything we know about these new child-friendly standards in video game development.
What Is the Age Appropriate Design Code?
Children are more vulnerable than adults as they play PC or mobile games without realizing the risks involved. The ICO is a data protection agency, so it’s mostly focused on safeguarding people’s data and related rights, but the Code covers children’s best interests in general.
The Age Appropriate Design Code asks developers in the UK to meet certain conditions when designing titles for children or titles that children might use. These standards are there to protect young gamers from the pitfalls of their favorite hobby.
After the 12-month transition period, ending September 2, 2021, companies violating the Code can expect penalties. These range from warnings to severe fines, amounting to around $ 23.5 million or 4 percent of the developer’s annual revenue—whichever is higher.
Why Does the US Care About the Age Appropriate Design Code?
Since the Code came into effect, Congress has been contacting big companies and urging them to meet the same standards in the US. Trahan House shared the letters to Blizzard, Disney, Microsoft, Epic Games, and others. The likes of Facebook, Google, and TikTok got them too.
The hope is to build on the Children’s Online Privacy Protection Act (COPPA), strengthening the rights of all young gamers. It would stop game designers from manipulating children, abusing their data, and profiting from their unsafe activity.
Congress members state specific examples in the letters:
The prevalence of micro-transactions—often encouraged through nudging—have led to high credit card bills for parents. Loot boxes go one step further, encouraging purchase before a child knows what the “bundle” contains— akin to gambling.
While there are several ways to make online gaming safer for kids, parents and any adults responsible for children’s wellbeing could breathe easier knowing governments and developers have their backs in minimizing threats.
What Gaming Companies Must Do According to the Age Appropriate Design Code
So what must game companies do to adhere to these rules? The Age Appropriate Design Code can be split into 12 main ideas.
1. Undertake a Data Protection Impact Assessment (DPIA)
Companies must submit their project for a DPIA, ideally before designing the game or service. The process checks whether the system is safe for children to use and identifies any problems so developers can counter them. Spotting these early can save time and money.
2. Deliver Age Appropriate Content
Something developers will need to become very familiar with are age ranges, their abilities, and how to accommodate them safely.
Basically, a video game’s designers must be as specific as possible about the age range of their target audience and tailor its system to accommodate children. This means, for example, being able to confirm players’ age and deliver a service with minimal risk to their data privacy.
3. Provide Clear Information
Someone’s age affects what they’ll understand and what the best way is to help them absorb information, especially important or complicated details about safe gaming.
The Age Appropriate Design Code encourages companies to be crystal clear with young gamers. They must include features like child-friendly language, bite-sized explanations, notices before every in-game moment that collects data, and prompts for adult consent.
4. Protect Children’s Data
If data processing is essential to the game, companies should collect the absolute minimum from children. And they mustn’t use that data in a way that harms their young users, physically or emotionally. This includes sharing it with third parties.
The ICO also expects titles to have safeguards in place that protect children from content that can manipulate, exploit, or traumatize them.
As a result, following official rules regarding children is a must. The Code highlights organizations like the General Data Protection Regulation (GDPR), Committee of Advertising Practice (CAP), and Office for Fair Trading (OFT) among others.
5. Avoid Nudge Techniques
Since the Code specifically mentions nudging as a feature to avoid, designers should use it at their own peril. It basically involves stylistic choices that encourage people to go for one option over another when buying products, for example.
In online gaming, the designer might make an upgrade more prominent or less rewarding than others. When asking for permission to access your data, they might phrase the “no” option in a very negative way.
Children are more susceptible to manipulation, so the ICO warns developers against having any nudging techniques in games for young users. This can prevent unnecessary expenses and sharing of personal data.
6. Make High Privacy Settings the Default
When a child uses a game, its privacy settings should be at their tightest by default. This means minimal data collection and no sharing with third parties.
The player should also be able to clearly see how the settings affect their gaming experience. If they try to change anything, notices and explanations must be simple enough to understand.
The ICO suggests two additional features, starting with the option to make changes permanent or temporary, meaning they’ll switch back to high privacy after a session.
Then, there’s the ability to have individual settings for different users. On console, for example, a child shouldn’t have to share or keep changing an adult player’s privacy settings, which might be much lower.
7. Improve Geolocation Control
Firstly, there should be a clear explanation as to what geolocation is or a prompt to ask an adult about it. Secondly, the child should be able to see when they're being tracked.
Even more importantly, geolocation must be off by default. If it is turned on, the game must be able to automatically switch it off again after a session in case the child forgets or didn’t mean to activate it in the first place.
8. Disable Profiling
The Code discourages profiling in general when it comes to children, unless a game’s design can protect them from its potential harm. Like geolocation and data sharing, it should be turned off by default.
While profiling can tailor the gaming experience to people’s tastes and make it more fun, it can lead to overspending, distraction, and abuse of personal details. At the end of the day, if adults can lose control or fall for scams, children are far more vulnerable.
9. Enable Parental Controls That Respect Children’s Rights
As one of the main ways to protect children, video game companies must have good parental controls on their products. However, it’s not just protecting children from dangerous sites or stopping them from gaming all day that interests the ICO.
The Age Appropriate Design Code states that young gamers have a right to privacy and that they must know about the parental controls in place. To be exact, the game should tell them what their parents are able to monitor and when they’re actually doing so.
10. Provide Online Tools for Children to Exercise Their Rights
All this transparency makes children feel comfortable and safe when gaming, as does knowing exactly what to do when there’s a problem or they have technical questions.
Whether it’s about a violation to their privacy, deleting their data, or just needing help in changing settings, game designers must make relevant tools prominent and easy to use for different age ranges.
11. Apply the Code to All Toys and Devices With Data Processing
Considering the high-tech toys available today, from handheld gaming devices to smart teddy bears, a child’s privacy can be at risk on several fronts. So, companies that deal with all kinds of children’s digital entertainment are on the ICO’s watchlist.
Whether they design video games or toys, they have to tick the boxes above, ensuring their young customers’ wellbeing is their main priority.
12. Uphold Published Policies and Community Standards
Finally, once a game passes its DPIA and the company establishes its core principles that will keep users safe, it’s essential to not violate these policies and standards.
It’s a bad move to begin with, but if you fail the ICO and risk children’s security without a very good reason, extra pressure and penalties will follow.
Children’s Online Activity Can Be Fun and Safe
Hopefully the Age Appropriate Design Code will inspire the US enough to establish its own super secure system for young gamers. It forces companies to change a lot in terms of strategy and design, but everyone can benefit in the long run, especially children.
They should be free to enjoy the digital world without being tricked or leaving their parents with huge bills. With safeguards and supervision, there’s lots to do online, from video games and Netflix to eLearning opportunities for all ages.