Describe compliance and proportionality measures, in particular: what is your lawful basis for processing? Does the processing actually achieve your purpose? Is there another way to achieve the same outcome? How will you prevent function creep? How will you ensure data quality and data minimisation? If you use AI, how will you avoid bias and explain its use? What information will you give individuals? How will you help to support their rights? What measures do you take to ensure processors comply? How do you safeguard any international transfers?
Guidance: See Annex C of the code – Lawful basis for processing for guidance on how to determine the lawful basis you can use when processing personal data.
Lawful bases for processing
- Performance of a contract with the data subject (Article 6(1)(b) GDPR): making available to parents or guardians the history of their child’s game play; delivering app content.
- Legitimate interests (Article 6(1)(f) GDPR): collection of game play data for analytics purposes (this data is anonymised immediately); administering and protecting our business and app (eg system maintenance and support, fixing problems, hosting of data). We have carried out legitimate interests assessments for all processing activities carried out on this basis.
Necessity and proportionality
We consider that our processing achieves the purposes set out in step 3 and does not go beyond what is reasonably necessary to achieve these purposes.
To ensure there is no function creep we only use data for the limited purposes explained in this DPIA.
We ensure data minimisation and proportionality by only collecting data that we need for a current specified purpose.
Guidance: You should be clear, open and honest with your users about what they can expect when they access your online service. Standard 4 of the code – Transparency sets out what the ICO is looking for:
“The privacy information you provide to users, and other published terms, policies and community standards, must be concise, prominent, and in clear language suited to the age of the child. Provide additional specific ‘bite-sized’ explanations about how you use personal data at the point that use is activated.”
We will publish good practice examples of transparency notices during the transition period of the code.
Transparency and data subject rights
In addition to the privacy notice which is aimed at adults, pop-up privacy information is also provided to children. This is in both age-appropriate text and video formats, including what data related to them is collected and processed.
We explain about individuals’ rights in our privacy notice and include an email address that individuals can use to contact us with any questions about their rights and to exercise their rights. There is also a contact button within the app itself. Our team members who deal with queries on data protection matters and requests to exercise data subject rights have received basic training on dealing with requests and are familiar with the guidance produced by the ICO and the FTC.
We use third-party processors that provide us with services relating to storage, analytics and the serving and attribution of advertisements. We have entered into Article 28(3) GDPR terms with each of these third parties and also carried out appropriate security risk assessments.
We do not make any international transfers of personal data.
Describe how you comply with the age-appropriate design code: what specific measures have you taken to meet each of the standards in the code?
Best interests of the child: We have taken into account the interests and rights of the children that use our app, including the relevant codes and guidance mentioned in step 2. These interests and rights are reflected in the:
- very limited collection and processing of personal data carried out;
- safe and controlled monetisation methods (described above);
- limited social features (sharing with parent-approved members and turned off by default); and
- parental controls described in this DPIA.
All content the children see in our game is age-appropriate and is designed to support their learning, development and leisure in a safe environment.
Our retention strategy is focused on long-term retention, whilst encouraging players to leave the game regularly, including:
- the player being able to pause or exit the game at any point without losing progress;
- play sessions being designed to be around 90 seconds long after which the player has a clear option to exit; and
- the release of new themes being spread out over time.
The role of parents in protecting their children is recognised and supported through the parent screen.
Data protection impact assessments: We have carried out this DPIA which covers all processing activities carried out in connection with the app (both adult and child data). We keep this DPIA under review and are aware of the need to update it if we make any changes to our processing of personal data. We make the up-to-date version of this DPIA available on our website and refer to it in our privacy notice.
Age-appropriate application: The key aim of our app is that it is age-appropriate, and we have focussed on this throughout the design process. We apply a high privacy approach suitable for our target age group to all players. We do not try to determine the age of our players and apply a different approach depending on age.
Detrimental use of data: We do not use personal data in any way that could be detrimental to a child’s or any other person’s well-being. The app follows gaming guidelines and codes set out by PEGI and the Office of Fair Trading.
Policies and community standards: We follow our terms and conditions and privacy notice and only use data in accordance with these documents.
Guidance: When you set community rules and conditions of use for users of your service, you need to actively uphold or enforce those rules and conditions. Standard 6 of the code – Policies and community standards confirms that your own published terms, policies and community standards includes, but is not limited to, privacy policies, age restriction, behaviour rules and content policies or standards you adhere to (eg PEGI ratings).
Default settings: Privacy settings for the app are high by default. There are no options for these to be changed by players. The social feature is disabled by default, and can only be used if the parent sets up an approved group of people with whom the child can share game progress, achievements etc.
Data minimisation: We only collect and process the minimum amount of personal data we need for particular activities. Data about game-play, choices in the game etc is anonymised as soon as it is collected.
Data sharing: Data is shared with the third parties described under the heading ‘Data sharing’ in step 2.
Geolocation: We do not collect or use any geolocation data. This function is turned off with no option to turn on.
Parental controls: These are explained in detail under the heading ‘Parental controls’ in step 2 above. A parental overlay enables adults to set up the system. Additional parental controls are provided at platform level.
Profiling: We do not carry out any profiling.
Guidance: Profiling is defined under Article 4 UK GDPR as: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”
The Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679 state:
“Broadly speaking, profiling means gathering information about an individual (or group of individuals) and evaluating their characteristics or behaviour patterns in order to place them into a certain category or group, in particular to analyse and/or make predictions about, for example, their:
- ability to perform a task;
- interests; or
- likely behaviour.”
See Standard 12 of the code – Profiling for guidance on what you should do if you include profiling of children as part of your service:
“Switch options which use profiling ‘off’ by default (unless you can demonstrate a compelling reason for profiling to be on by default, taking account of the best interests of the child). Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (in particular, being fed content that is detrimental to their health or wellbeing).”
Nudge techniques: We do not use nudge techniques (eg to encourage children to keep playing, make purchases or buy subscriptions).
Connected toys and devices: Not applicable.
Online tools: Users and their parents can report concerns or ask questions easily from within the game. This function is available from the parents overlay screen and settings overlay screen.
Guidance: Online tools are mechanisms to help children exercise their rights simply and easily when they are online, such as complaints buttons. Standard 15 of the code – Online tools states that you should provide prominent and accessible tools to help children exercise their data protection rights and report concerns.