It believes the tools encourage users to share more personal data and spend more time on apps than desired.
Likes help build up profiles of users’ interests while streaks encourage them to send photos and videos daily.
The proposal is part of a 16-rule code.
Speaking to the BBC’s World At One , the Information Commissioner’s Office suggested that social media networks could avoid an outright ban on “likes” if they stopped collecting personal data when children engaged with them.
To ensure its success, the ICO added that online services must also adopt “robust” age-verification systems.
Location tracking
In addition to calling for restrictions on children being exposed to so-called “nudge techniques”, the ICO advocates internet firms make the following changes among others for their younger members:
- make privacy settings “high” by default
- switch location-tracking off by default after each session and make it obvious when it had been activated
- give children choices over which elements of the service they want to activate and then collect and retain the minimum amount of personal data
- provide “bite-sized” explanations in clear language about how users’ personal data is used
- make it clear if parental controls, such as activity-tracking, are being used
The ICO suggests that firms that do not comply with the code could face fines of up to 20 million euros (£17.2m) or 4% of their worldwide turnover under the General Data Protection Regulation.
“The internet and all its wonders are hardwired into their everyday lives,” commented Information Commissioner Elizabeth Denham.
“We shouldn’t have to prevent our children from being able to use it, but we must demand that they are protected when they do. This code does that.”
Her office is now seeking feedback as part of a consultation that will run until 31 May. It is envisaged that the rules would come into effect next year.
The Internet Association UK – which represents Facebook, Snap and other tech firms – has already raised concerns.
“Any new guidelines must be technically possible to implement in practice, and not stifle innovation and opportunities for smaller platforms,” said its executive director Daniel Dyball.
“We must be careful when designing regulation to ensure any technical challenges, particularly around age verification, are understood and taken into consideration.”
Bad nudges
Restrictions on Facebook’s like button – which registers a user’s interest in another user or advertiser’s post – and Snapchat streaks – which count the number of consecutive days two members have messaged each other – are not the only nudge behaviours being targeted.
The ICO also says that apps should not:
- show boxes where the Yes button is much bigger than that for No
- use language that presents a data-sharing option in a much more positive light than the alternative
- make it much more cumbersome to select the high-privacy option by, for example, requiring more clicks to turn it on
These, it said, exploit “human susceptibility to reward-seeking behaviours in order to keep users online”.
However, the regulator said it was appropriate in some cases to use nudges that encourage children to opt for privacy-enhancing settings, or to take a break after using an online service for some time.
The ICO’s rules follow a proposal from the Department for Digital, Culture, Media and Sport (DCMS) for the creation of an independent tech watchdog that would write its own “code of practice” for online companies.
The suggestions have already been welcomed by the National Society for the Prevention of Cruelty to Children (NSPCC).
“Social networks have continually failed to prioritise child safety in their design, which has resulted in tragic consequences,” commented the charity’s Andy Burrows.
“This design code from the ICO is a really significant package of measures, but it must go hand in hand with the government following through on its commitment to enshrine in law a new duty of care on social networks and an independent regulator with powers to investigate and fine.”
But the code has drawn criticism from the Adam Smith Institute think tank.
“The ICO is an unelected quango introducing draconian limitations on the internet with the threat of massive fines,” said its head of research Matthew Lesh.
“It is ridiculous to infantilise people and treat everyone as children.”
Analysis:
Rory Cellan-Jones, Technology correspondent
This new proposed code arrives a week after the sweeping new regulatory powers outlined in the government’s Online Harms White Paper and with much less of a fanfare.
But whereas the all-powerful regulator is unlikely to be in place for many months or even years, the Information Commissioner’s Office expects to get its Children’s Code of Practice into law this summer.
That means that Facebook and Instagram – among others – will need to think rapidly about whether their platforms risk breaking the new rules.
The ICO made clear this morning that its problem with “likes” and “streaks” is not the features themselves but how they are used to collect data and target children with advertising.
So, if the platforms want to hold on to what they regard as useful elements of the social media experience, they’ll have to show they work differently for children than for adults.
The other key demand from the data watchdog is to make the default privacy settings for platforms suitable for everyone including children.
That will mean adults having to opt in to the kind of data collection which is a key part of the business model of social media firms – so this code could pose a real threat to their bottom line.