Do you adhere to the Age Appropriate Design Code?

      Do you adhere to the Age Appropriate Design Code?


        Article summary

        The ICO Age Appropriate Design Code of practice (also known as “the Children’s Code”) came into force in September 2020 and sets out standards that certain online services must comply with when providing online services to children. We adhere to the  code, an analysis of its application in Sparx can be seen below:

        Age Appropriate Design standardExplanationCompliance with standard
        Best interests of the childThe best interests of the child are the primary consideration when you design and develop online services likely to be accessed by a child.

        Sparx Reader is a complete solution that supports teachers in planning, delivering and reviewing reading homework. It is made available to secondary schools on a subscription basis. Sparx Reader has been developed with the aim of improving students’ confidence in reading.

        Data protection impact assessmentsUndertake a DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access your service, which arise from your data processing. Take into account differing ages, capacities and development needs and ensure that your DPIA builds in compliance with this code.

        Sparx Reader implements privacy by design and default in accordance with an internal privacy strategy which ensures that commercial decisions are underpinned with a strong and well-supported set of privacy considerations.

        Sparx Reader acts as a data processor on behalf of schools and school groups. Our Data Handling Agreement contains details of the processing undertaken on schools’ instructions (Section C of the Terms & Conditions). This includes a commitment that Sparx Reader will assist schools and school groups (as data controllers) to demonstrate their compliance with GDPR in respect of their use of Sparx Reader.

             

        Age appropriate application 

                          

        Take a risk-based approach to recognising the age of individual users and ensure you effectively apply the standards in this code to child users. Either establish age with a level of certainty that is appropriate to the risks to the rights and freedoms of children that arise from your data processing, or apply the standards in this code to all your users instead.

        Schools share the personal information of students with us in connection with the delivery of Sparx Reader (for example, account creation). This includes month and year of birth which is obtained by direct integration with schools’ MIS to ensure data accuracy. Our student facing platform has been designed for use by secondary age students.

        Transparency

        The privacy information you provide to users, and other published terms, policies and community standards, must be concise, prominent, and in clear language suited to the age of the child. Provide additional specific ‘bite-sized’ explanations about how you use personal data at the point that use is activated.

        Full privacy information is provided in a format suitable for older children and adults in the Sparx Learning Privacy Notice for Schools. We also have a short privacy video for students which provides another means of explaining privacy information to them in an accessible format.



        Detrimental use of data



        Do not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions, or Government advice.


        With respect to

        • Processing to deliver the service: Sparx Reader is designed to have a positive impact on users’ reading attainment and confidence. Processing of personal information is in accordance with this aim.
        • Marketing and behavioural advertising: Sparx Reader advertising and marketing activity targets staff and senior management at schools and Multi Academy Trusts, not students.

        Policies and community standards

        Uphold your own published terms, policies and community standards (including but not limited to privacy policies, age restriction, behaviour rules and content policies).

        Policies and terms are made available online. They are regularly reviewed and updated.

        Default settings

        Settings must be ‘high privacy’ by default (unless you can demonstrate a compelling reason for a different default setting, taking account of the best interests of the child).

        Users are not able to see other user’s data. We do not have any in-product privacy settings - ‘high privacy standing’ is adopted by design and default.


        Data minimisation

        Collect and retain only the minimum amount of personal data you need to provide the elements of your service in which a child is actively and knowingly engaged. Give children separate choices over which elements they wish to activate.


        Only personal information necessary for the provision of the service are mandatory data fields. Sparx Reader is a business-to-school product and therefore we cannot give children separate choices over which elements they wish to activate - this is determined by their school.


        Data sharing


        Do not disclose children’s data unless you can demonstrate a compelling reason to do so, taking account of the best interests of the child.

        Personal information only shared with support companies and is not further disclosed. Access to personal information is minimised within Sparx Reader.

        Geolocation

        Switch geolocation options off by default (unless you can demonstrate a compelling reason for geolocation to be switched on by default, taking account of the best interests of the child), and provide an obvious sign for children when location tracking is active. Options which make a child’s location visible to others should default back to ‘off’ at the end of each session.

        Geolocation data is not collected.




        Parental controls


        If you provide parental controls, give the child age appropriate information about this. If your online service allows a parent or carer to monitor their child’s online activity or track their location, provide an obvious sign to the child when they are being monitored.

        Sparx Reader is made available to students via their schools. Teachers direct students’ use of Sparx Reader.

        Profiling

        Switch options which use profiling ‘off’ by default (unless you can demonstrate a compelling reason for profiling to be on by default, taking account of the best interests of the child). Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (in particular, being fed content that is detrimental to their health or wellbeing).

        Sparx Reader provides individualised reading education and utilises profiling as the basis of this provision. The evidence collected to date has demonstrated this approach benefits reading attainment and produces a positive impact on users.



        Nudge techniques

        Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or turn off privacy protections.

        Sparx Reader does not contain any nudge techniques that encourage sharing of personal information.

        Connected toys and devices

        If you provide a connected toy or device, ensure you include effective tools to enable conformance to this code.

        No connected toys or devices are provided by Sparx Reader. Mobile and web have the same privacy settings.


        Online tools

        Provide prominent and accessible tools to help children exercise their data protection rights and report concerns.

        Schools act as the data controller and as such respond to students concerns and requests relating to their data subject rights. Sparx Reader assists schools with this where requested.


        Was this article helpful?