Under the draft rules, which were released for consultation on Monday , tech companies would not be allowed to use "nudge techniques" that encourage children to keep using a site. The Information Commissioner's Office said examples of "reward loops" that keep people using a site so that more of their personal data can be harvested include "likes" on Facebook and Instagram or "streaks" on Snapchat. A Snapchat streak involves two friends sending each other direct "snaps" on consecutive days.
The code of practice includes 16 standards that must be met by apps, connected toys, social media sites, search engines, news or educational websites and streaming or other online services. It applies to companies that offer services in the U.K., even if they are based outside the country.
The code also calls for "high privacy" settings to be on by default and "robust age-verification mechanisms." Only the minimum amount of data should be collected and location tracking should be disabled by default.
Violators face punishment including, in serious cases, fines worth 4 percent of a company's global revenue, which for the Silicon Valley tech giants would equal billions of dollars. "This is the connected generation. The internet and all its wonders are hardwired into their everyday lives," Information Commissioner Elizabeth Denham said in a statement. "We shouldn't have to prevent our children from being able to use it, but we must demand that they are protected when they do. This code does that."
Regulators worldwide are stepping up oversight of internet companies amid growing concern about privacy breaches and other online harm. The European Union introduced sweeping new privacy rules last year while in the U.S., momentum is building for a national privacy law.