The ICO exists to empower you through information.


Our recommendation to complete a best interest of the child self-assessment is to follow these four steps:

Step 1 - Understanding rights

Gain a deeper understanding of the rights children hold under the UNCRC, which you will need to consider to assess whether you are acting in their best interests.

Step 2 - Identify impacts

Consider how your use of children’s data impacts on their rights, mapping the demographics of children that use your services and how, why and when your service processes children’s data.

After this mapping you should identify any potential impacts you product or service might pose to the rights of the child. The best interests framework will help you understand how certain data processing activities can affect the rights of the child.

Step 3 - Assess impacts

Your assessment should consider the likelihood and severity of potential impacts to the rights of the child. Your assessment must be evidence based, you have freedom to use the approaches and evidence sources that are best suited to your context.

Our self-assessment risk tool helps you to assess code-related risk levels within your organisation.

Step 4 - Prioritise actions

Create a plan of action and prioritise how you are going to reduce the risks, and maximise the benefits, to children that have been highlighted in your assessment.

Page two on the self-assessment risk tool will help you here.

It is important to note that the steps in this guidance are not compulsory. You have the freedom to adapt the approach described to ensure it works in your context – as long as you can demonstrate that you have thoroughly considered the best interests of the child, and ensure this assessment informs your data protection impact assessment.