What is the Age Appropriate Design Code of Practice?

By David Hendry

The Age Appropriate Design Code of Practice (AADCOP) is an extension of the Data Protection Act 2018 that affects providers of information society services (services delivered at a distance over the internet) that are likely to be used by children.

The AADCOP consists of 15 principles that must be adhered to by those required to comply with it.

The standards are not intended as technical standards, but as a set of technology-neutral design principles and practical privacy features. The focus of the code is to set a benchmark for the appropriate protection of children’s personal data. Different services will require different technical solutions.

If you provide any kind of information society service that is accessible to people under the age of 18 You must build the 15 principles set out in this code into your design processes from the start, as well as building them into subsequent upgrade and service development processes and into some of your data governance processes.

The code was approved by parliament in September 2020, organisations affected by the AADCOP must be able to demonstrate that they comply with it by 21/09/2021.

Failure to comply carries the same penalty as non-compliance with the GDPR, including fines of up to £17.5 million or 4% of prior year global annual turnover.

We are keen to determine the extent to which organisations are aware of and preparing for the AADCOP and have prepared a short survey to inform articles we are writing about this.  Please click on this link to take part.:


Further information about the AADCOP is available on the website of the Information Commissioner:https://ico.org.uk/about-the-ico/news-and-events/age-appropriate-design-code-blog/

Contact Us

Send us a Message

Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/spam-texts-and-nuisance-calls/.  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here https://www.tpsonline.org.uk/register.

We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here https://ico.org.uk/action-weve-taken/enforcement/.

Data Protection People Limited – March 2021