Under-18s in UK face 'Like' limits; what does this mean for forums?

Discussion in 'Site Security & Legal Issues' started by Kyng, Apr 15, 2019.

  1. Kyng

    Kyng Neophyte

    Okay - so, the Information Commissioner's Office (ICO), which is the UK's data watchdog, has recommended a 16-rule code for protecting the personal data of 'children' (defined as under-18s). It's being reported in the media as "Facebook could ban 'Likes' for under-18s"; however, in reality, it goes a lot further than that.

    Link to BBC News article:

    Link to the text of the proposal:

    So, on my reading of the code so far, here is what I have gleaned so far:
    • Most relevant to the headline and topic title, 'nudge techniques' and 'reward loops' may not be used to encourage children to provide more personal data than necessary; this is rule #12 of the 16-rule code. (However, the ICO clarified that the issue was not with the features in and of themselves, but with their use to collect personal data and pass it on to advertisers).
    • Further, Rule #9 states that geolocation must be turned off by default unless there is a 'compelling reason' to have it active.
    • Rule #2 states that, unless 'robust age verification' techniques are in place to allow users to prove that they are over 18, they are to be treated as though they are under 18.
    • The code affects far more sites than Facebook: it applies to all 'Information Society Services' likely to be accessed by children (where 'Information Society Services' is defined as "any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services").
    Now, I run a small forum as a hobby - so, I'm concerned as to how this might apply to me. To give a bit of background:
    • I live in the UK; however, the server for the forum is based in the USA;
    • I have a 'Likes' system (and a 'Reputation' system); however, I have no adverts at all, let alone targeted adverts based on Likes, so I'm unclear as to whether these would fall under the scope of Rule #12 of this code.
    • Does the geolocation thing mean turning of collection of IP addresses? Because that would make IP bans impossible to enforce, and would make monitoring of potential troublemakers much more difficult.
    • Since I'm just a hobbyist, implementing "robust age verification techniques" is not an option for me.

    So, what I really want to know is: assuming something like this enters UK law, what (if anything) would I need to do in order to comply with it?
    • Like Like x 1
    • Informative! Informative! x 1
    • List
  2. zappaDPJ

    zappaDPJ Administrator

    Welcome to TAZ KyngKyng.

    I'm also based in the UK and I have to say I was rather alarmed to read about these proposals. I think it is important to remember that at this point in time they are just proposals so in the short term we need do nothing. If they should pass into law then I'd say they are aimed at large social media platforms so the majority of forums are likely to fall under the radar.

    That said it seems this is just one of a number of worrying trends we are seeing in the UK. The phrase 'cash cow' comes to mind.
    • Like Like x 1
    • Agree Agree x 1
    • List
  3. Joel R

    Joel R Fan

    I saw.this article yesterday in my news feed. To begin with, this is just a proposal and only targeted at social media sites.

    If anything, this is a clear repudiation of social networks in general by the ICO. They recommend the highest privacy levels as default, they recommend no geolocation as default. Broadcasting everything and everywhere is like ... The point of social networks.
  4. Nev_Dull

    Nev_Dull Anachronism

    This looks like another in the growing list of reactionary proposals that are forming the new "me too" movement across governments. They seem to think they should do something about social media because of the bad press lately, but have no idea what to do. So they come up with these policies which sound productive to the uniformed, and have the potential to generate some revenue.
  5. Kyng

    Kyng Neophyte

    Yeah, it is very concerning >_< .

    Anyway, I've convinced myself that the 'Like' feature, at least in the manner that I use it on my board, wouldn't be covered by this. The reason is, this code doesn't appear to be a set of new laws in and of itself, but instead it's a series of recommendations on how to stay in line with the GDPR. Since I'm not using the 'Like' feature to collect personal data and sell it to advertisers, my use of the 'Like' feature would fall outside the scope of the GDPR (and therefore, outside the scope of this proposed code).

    I'm still a bit bothered by the geolocation thing, though. Assuming that abuse prevention counts as a "compelling reason", I guess I would just need to make it immediately clear to people that the board software collects this data automatically (I do already have a Privacy Policy which states this, but I'm guessing that isn't clear enough for the purposes of this code?)
  6. Wes of StarArmy

    Wes of StarArmy Adherent

    I like the governments are taking privacy and big data corporations seriously (I don't like all of these proposals but I think GDPR was a good one that helps regular people)...however I've basically decided that due to various legal issues (like being able to consent to Terms of Use agreements regarding content) that my forum will be limited to use by adults only starting in 2021 (Currently my site is 16+ and I'm allowing exiting members who are 16 and 17 to "age up" but not accepting more of them).
  7. zappaDPJ

    zappaDPJ Administrator

    At least we can be sure that our data is safe in their hands as far as the government department responsible for data protection laws in the UK is concerned...


    So the government department responsible for data protection laws in the UK is evaluating whether they were in breach of data protection law :confused:

    You couldn't make it up.
  8. TheChiro

    TheChiro Devotee

    Sounds about right. Have had quite a bit of that in the US semi recent. "We acknowledge said incident happened and we are conducting a self evaluation to see if we should be fined and reprimanded for negligence". Typical government departments. Do as I say, not as I do.

    I'm sure, like the GDPR, there will be numerous loopholes for big social media sites (and us forum owners).
  9. MagicalAzareal

    MagicalAzareal Magical Developer

    TOS: Only users over the age of 16 may register.
    And they'll probably ignore that and register anyway. This is pretty much what already happens.

    The nanny state loves passing loads of completely ineffective laws which do nothing but waste the time of the police which they could be using on dealing with real problems like gang violence.

    Make no mistake, just about every site outside of the UK will completely ignore this law like everyone did to the cookie law for many years. This just gives start-ups yet another reason to go elsewhere.
    IP Addresses can be used to infer the city someone is in fairly easily with a MaxMind GeoIP database. You could consider that a kind of geolocation.

    The sort of geolocation you generally see on social networks though is when you make a post and there's a bit of public metadata saying that it was posted from x. I really don't like that, but they could word against that a lot better by making it non-public.

    Also, occasional purges of IP Addresses in the system should be done, provided that it's over 90 days old, so that people can't pull up historic data on someone's location when compromising a site's database. Not in the law, but I think is important.
    Last edited: May 4, 2019
Draft saved Draft deleted
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.