The UK’s Information Commissioner’s Office (ICO) has urged social media and video-sharing platforms to enhance their data protection practices to ensure children’s safety online, the regulator outlined in its key priorities for 2024-2025.

The ICO’s Children’s Code of Practice initiated improvements in privacy protection for children online, with many organisations addressing potential privacy risks for children on their platforms.

The ICO’s strategy emphasises several priority areas for improvement in social media and video-sharing platforms, focusing on default privacy settings, targeted advertising, recommender systems, and consent for children under 13.

In a statement, the ICO said that children’s profiles should be private by default, and geolocation settings must be turned off by default to mitigate risks to their safety and well-being.

Profiling children for targeted ads should also be off by default unless there is a compelling reason to use it, to ensure children maintain autonomy over their personal information.

Algorithms generating content feeds should not lead children to harmful content, and platforms should avoid encouraging excessive platform use or sharing of personal information.

Services must obtain parental consent for using the personal information of children under 13 and employ age assurance technologies to apply appropriate protections.

The ICO plans to collaborate with other UK regulators like Ofcom and international counterparts to enhance global data protection standards for UK children.

Children’s privacy has been highlighted as a global concern, requiring businesses worldwide to ensure the appropriate use of children’s personal information to prevent online harm.

The ICO, represented by John Edwards, will attend the IAPP Global Privacy Summit 2024 to speak with tech companies and reinforce regulatory expectations regarding children’s privacy.

Tech giants have been under increasing scrutiny to protect minors on their platforms. Last year, short-form video platform TikTok was fined $370m for violating children’s data privacy by Europe’s Data Protection Commission.