Tech giants face large fines if they fail to follow new child data and privacy protection measures that come into full force on Thursday.
The Age Appropriate Design Code sets out 15 standards that companies are expected to build into any online services used by children, making data protection of young people a priority from the design up.
These can stretch from apps and connected toys to social media sites and online games, and even educational websites and streaming services.
Location tracking, profiling, and use of nudge techniques that encourage users to provide unnecessary personal data, are among the features that must be switched off or limited.
The Information Commissioner, whose office devised and will enforce the rules, said the move is not about “age-gating” the internet nor “locking children out”.
“The internet was not designed with children in mind and I think the Age Appropriate Design Code will go a long way to ensure that kids have the right kind of experience online,” Elizabeth Denham told the PA news agency.
“I think it will be astonishing when we look back to ever think of a time when we didn’t have protections for children online because I think they need to be protected in the online world in the same way that they’re protected in the offline world.”
As the code is based on the back of GDPR, companies risk being fined up to £17.5 million or 4% of their annual worldwide turnover – whichever is higher – for serious failures.
The Information Commissioner’s Office (ICO) warned that it will probably take more severe action against breaches involving children where it sees harm or potential harm.
Companies were given a year to ensure their platforms adhere to the measures before a September 2 deadline, though several have scrambled to make last-minute changes in recent weeks.
Instagram recently announced it would require all users to provide their date of birth, while Google has introduced a raft of privacy changes for children who use its search engine and YouTube platform.
TikTok also began limiting the direct messaging abilities of accounts belonging to 16 and 17-year-olds, as well as offering advice to parents and caregivers on how to support teenagers when they sign up.
Andy Burrows, head of child safety online policy at the NSPCC, said: “It’s no coincidence that a flurry of tech firms have made child safety announcements on the eve of the children’s code coming into force.
“This landmark code shows that regulation works and that there is little doubt this UK leadership is having a global impact on the design choices of the sites such as Instagram, Google and TikTok.
“The Information Commissioner should now actively enforce the code and be prepared to take swift action against companies who fail to build and run services with the best interests of children in mind.
“Backed up by an ambitious Online Safety Bill that comprehensively tackles child sexual abuse, the children’s code can fundamentally change how companies design their sites so they become truly safe for children.”
Baroness Kidron, chairwoman of children’s safety group the 5Rights Foundation, told PA the move would make a “material difference” to young people who have been the “invisible demographic” in terms of online data protection.
“We need the Online Safety Bill, we need algorithmic oversight, we need a more receptive culture from the sector, but this is a landmark moment,” she said.
“And I would just say, as a warning, if there are people who think this is only about the usual suspects of Facebook, Google, YouTube, Snapchat, Twitter and so on, it’s not.
“So I do call out the gaming sector, who we have heard a lot less from, and I do call out ecommerce, and some of the other people who think they can hide in the shadow of the big boys.
“That is not going to happen, we are watching and we will be looking to see what people do.”