The Information Commissioner’s Office (ICO) has announced a new monitoring programme examining 10 popular mobile games to assess how well they protect children’s personal data. With around 90% of UK children playing games on digital devices, the regulator is extending its Children’s Code work into the mobile gaming sector, which it considers potentially “especially intrusive” for young users.
This follows progress the ICO has already secured across social media and video sharing platforms. The new review will assess games’ compliance with the Children’s Code and UK GDPR, focusing on:
- Default privacy settings
- Use of geolocation data
- Targeted advertising practices
- Any additional privacy risks identified during monitoring
Recent ICO research shows high parental concern around data collection, exposure to strangers, and ad targeting in mobile games - reinforcing the regulator’s intervention
Get in touch
Key takeaways
Gaming is now firmly in scope: The ICO is extending Children’s Code enforcement beyond social and video platforms. Mobile game developers, publishers and ad tech partners should expect scrutiny.
High privacy defaults are essential: Services accessible to children should ensure that privacy settings start at the most protective level.
Geolocation remains high risk: Location tracking functions require clear justification, strong controls and transparency.
Age assurance remains a priority: The ICO expects proportionate and effective measures where platforms are likely to be accessed by under 18s.
Enforcement is active: Recent investigations and penalty notices show the ICO’s willingness to act.
Final thoughts
The ICO’s initiative signals a continued tightening of expectations around children’s online privacy. Mobile gaming - often overlooked compared to social platforms - is now a regulatory priority.
Key implications for organisations include:
- Privacy by design is critical: Games relying on engagement mechanics or behavioural tracking must revisit these features for child users
- Age gates alone are insufficient: If children are likely to access a service, additional safeguards may be required
- Ad supported models may need adjustment: Profiling based advertising and third party trackers pose heightened regulatory risk
- Global businesses must adapt for the UK: The Children’s Code applies wherever UK children are likely to use a service, regardless of the publisher’s location
Overall, organisations that proactively adopt child friendly design, strong privacy defaults and transparent data practices will be best placed to meet the ICO’s expectations and manage regulatory risk.
The content of this page is a summary of the law in force at the date of publication and is not exhaustive, nor does it contain definitive advice. Specialist legal advice should be sought in relation to any queries that may arise.
Related expertise
Law Firm of the Year
We are proud to have been named Law Firm of the Year at the prestigious Legal Business Awards 2024!
Legal Business is the market-leading monthly magazine for the UK and global legal market. Its readership spans the UK, Europe, Asia and the US, and the awards celebrate the very best in the legal profession.
This win is absolute recognition for all the hard work across the firm over the past year.
Contact us today
Whatever your legal needs, our wide ranging expertise is here to support you and your business, so let’s start your legal journey today and get you in touch with the right lawyer to get you started.
Get in touch
For general enquiries, please complete this form and we will direct your message to the most appropriate person.