The ICO exists to empower you through information.

An effective children’s best interests assessment requires a detailed and nuanced understanding of how, why and when your service processes children’s data. It should also cover the service features that shape how children and parents understand and engage with this processing. This mapping lays the groundwork for you to reflect on potential benefits and risks to children’s rights. It also helps you to scope out service changes that can address any issues you identify.

Mapping and describing your data processing is an integral and established part of the DPIA process. The code DPIA standard sets out questions and activities to consider for this mapping, and describing the nature, scope, context and purpose of the processing. Our detailed guidance on DPIAs provides further information on this process.

Mapping service privacy features and children’s user experiences are necessary to consider how you conform with the design-related standards within the code. These standards, and the service features that you should consider within them, are outlined in Annex A.

Tools and further resources

For guidance and artefacts for mapping your online service, see our design guidance on creating data privacy moment maps.