Social media companies may have to stop allowing children using functions such as the "like" button as part of rules proposed by the U.K.'s data regulator.
The Information Commissioner's Office (ICO) has started a consultation process on standards that online services must meet to protect children's privacy and published a 16-point draft code of practice on Friday.
It warns companies not to use "positive reinforcement techniques," that encourage children to stay on social media, so the site or app can collect data on them. The ICO states that these nudge methods include "likes" and "streaks" —Facebook, Instagram, YouTube and Twitter users can "like" posts, while those on Snapchat can take part in streaks - messages sent between two friends over three consecutive days.
"You should not use nudge techniques to lead or encourage children to activate options that mean they will give you more of their personal data, or turn off privacy protections," the regulator said.
"The employment of nudge techniques in the design of online services can be used to encourage users, including children, to provide an online service with more personal data than they would otherwise volunteer," it added.
"Similarly, it can be used to lead users, particularly children, to select less privacy enhancing choices when personalizing their privacy settings. Or spend more time than they intend on a particular service."
Using such techniques are "based on the exploitation of human psychological bias" and go against the General Data Protection Regulation (GDPR), a European data law that came into effect in May 2018, the ICO says.
It is in social media firms' interest to have people spend more time on their apps as they can collect data on what they do as well as attract advertising. For example, Snapchat's new ad-supported gaming platform was welcomed by advertisers as a way to increase the time spent on the app when parent company Snap announced new functions earlier this month.
The ICO's document also makes the case for social media firms to have location options off by default when children are using their apps, as well as make their services "high privacy" by default. The ICO also published research showing that teenagers would prefer higher privacy settings. "Everything should be set to private and then you can change it for what you want to share," one teen said.
Under the U.K.'s Data Protection Act 2018, the ICO is required to produce a code of practice for online firms to follow when designing for children, including services that are likely to process their personal data. Companies that break the law face fines of up to £17 million ($22.3 million), or 4 percent of global turnover.
The draft code of practice is out for consultation until May 31 and is expected to come into effect before the end of the year.