---
title: "UK GDPR Children and Age Appropriate Design"
canonical_url: "https://www.sorena.io/artifacts/uk/uk-gdpr/children-and-age-appropriate-design"
source_url: "https://www.sorena.io/artifacts/uk/general-data-protection-regulation/children-and-age-appropriate-design"
author: "Sorena AI"
description: "Implement the UK Children's Code with grounded guidance on likely to be accessed tests, high privacy defaults, profiling limits, geolocation, age assurance."
published_at: "2026-02-21"
updated_at: "2026-02-21"
keywords:
  - "UK GDPR children data"
  - "age appropriate design code"
  - "likely to be accessed by children"
  - "Children's Code compliance"
  - "Children's Code"
  - "Age Appropriate Design"
---
# UK GDPR Children and Age Appropriate Design

Implement the UK Children's Code with grounded guidance on "likely to be accessed" tests, high privacy defaults, profiling limits, geolocation, and age assurance.


Design online services for children using the ICO's child-first standards.

If a service is likely to be accessed by children, the Children's Code affects defaults, profiling, geolocation, sharing, and transparency.

The Children's Code changes product settings, feature design, vendor choices, and testing practices for online services likely to be accessed by children.

## Likely to be accessed analysis

The first decision is whether children are likely to access the service. ICO guidance expects a real assessment of audience, features, marketing, and actual user patterns, not a simple statement that the service is intended for adults.

- Document audience evidence from analytics, market, and product signals
- Map the child journey across onboarding, content, messaging, ads, and support
- Identify third party SDKs and data sharing dependencies that affect children
- Record the age bands you design for and why

## Standards that usually require product changes

The standards most often missed in practice are high privacy by default, data minimisation, avoiding detrimental uses, turning geolocation off by default, disabling profiling by default unless there is a compelling reason, and not using nudge techniques that push children toward weaker privacy.

- Set high privacy defaults for collection and sharing
- Turn precise geolocation off by default unless strongly justified
- Avoid profiling or persuasive design that undermines privacy choices
- Provide child-appropriate explanations at the point of use

## Assurance and evidence

The ICO AADC impact assessment template is a practical way to show how product and privacy teams considered harms, alternatives, and safeguards before launch.

- Maintain a Children's Code control matrix against the 15 standards
- Keep AADC impact assessments, design decisions, and testing evidence
- Log approvals for exceptions and mitigations
- Include child privacy checks in release governance and incident response


## Primary sources

- [ICO age appropriate design code](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/age-appropriate-design-a-code-of-practice-for-online-services/?ref=sorena.io) - Children's Code standards.
- [ICO AADC impact assessment template](https://ico.org.uk/media/for-organisations/documents/2615856/aadc-impact-assessment-v13.pdf?ref=sorena.io) - Child focused impact assessment template.
- [ICO guide to the data protection principles](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/?ref=sorena.io) - Principles and fine tiers guidance.
- [ICO UK GDPR guidance and resources](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/?ref=sorena.io) - Primary ICO guidance hub.

