Client Needs

An EU-based education company was designing and launching a high-profile education software application (App) to help school students under 18, teachers and parents to collaborate online and via the App to enhance the educational experience and learning outcomes. The App would be available on several App stores to students around the world. The company needed the App to adopt a compelling user experience (UX) and promote transparency by imbedding best practice data protection compliance, by design, for children and young people. The company also wanted to support data minimisation, children’s online safety, cybersecurity and trust.

 

PrivacySolved Services and Solutions

PrivacySolved held detailed consultations with the company and their developers to understand the target user experience, user journeys, learning outcomes and the key information to communicate with users. A Data Protection Officer was appointed to review the overall level of GDPR compliance and adherence to approved Codes of Practice. The UK Information Commissioner’s Office (ICO) Age Appropriate Design Code (Children’s Code of Practice) was used to review, benchmark and challenge key elements of the App’s design and planned uses. Specific focus was given to data protection by design, security by default, data minimisation (collection and retention), simple interfaces and accessible notices and information. PrivacySolved’s Legal and Regulatory Support Services led the project and ensured that a set of new Terms and Conditions, Data Protection Notice and GDPR Frequently Asked Questions (FAQs) were produced, consistently updated and finalised to incorporate stakeholder feedback. All documents, App and website interfaces used simple language to engage users under 13, their parents and guardians.  Legalistic language was avoided, and all documents, information and notices were as short as possible. We also helped the team and developers to check compliance with the legal, commercial; international, data protection and information security rules of each App store.

 

Results

The company used PrivacySolved’s integrated expertise and outputs to:

Reduce user authentication risks, age verification fails, spoofing and account misuse

Comply with GDPR, ICO Children’s Design Code and app security standards

Improve app transparency, data minimisation, security and online safely for children

Allow the App to launch on time, on budget in multiple languages and regions