Okay - so, the Information Commissioner's Office (ICO), which is the UK's data watchdog, has recommended a 16-rule code for protecting the personal data of 'children' (defined as under-18s). It's being reported in the media as "Facebook could ban 'Likes' for under-18s"; however, in reality, it goes a lot further than that. Link to BBC News article: https://www.bbc.co.uk/news/technology-47933521 Link to the text of the proposal: https://ico.org.uk/media/about-the-...riate-design-code-for-public-consultation.pdf So, on my reading of the code so far, here is what I have gleaned so far: Most relevant to the headline and topic title, 'nudge techniques' and 'reward loops' may not be used to encourage children to provide more personal data than necessary; this is rule #12 of the 16-rule code. (However, the ICO clarified that the issue was not with the features in and of themselves, but with their use to collect personal data and pass it on to advertisers). Further, Rule #9 states that geolocation must be turned off by default unless there is a 'compelling reason' to have it active. Rule #2 states that, unless 'robust age verification' techniques are in place to allow users to prove that they are over 18, they are to be treated as though they are under 18. The code affects far more sites than Facebook: it applies to all 'Information Society Services' likely to be accessed by children (where 'Information Society Services' is defined as "any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services"). Now, I run a small forum as a hobby - so, I'm concerned as to how this might apply to me. To give a bit of background: I live in the UK; however, the server for the forum is based in the USA; I have a 'Likes' system (and a 'Reputation' system); however, I have no adverts at all, let alone targeted adverts based on Likes, so I'm unclear as to whether these would fall under the scope of Rule #12 of this code. Does the geolocation thing mean turning of collection of IP addresses? Because that would make IP bans impossible to enforce, and would make monitoring of potential troublemakers much more difficult. Since I'm just a hobbyist, implementing "robust age verification techniques" is not an option for me. So, what I really want to know is: assuming something like this enters UK law, what (if anything) would I need to do in order to comply with it?