Facebook and Google will be forced to introduce strict age checks on their websites or assume all their users are children.

Web firms that hoover up people's personal information will have to guarantee they know the age of their users before allowing them to set up an account.

Age checks are expected to be on a sliding scale depending on the webpages or websites a child wants to enter - from a tick-box system to an electronic passport type system where the person must use ID to prove their age.

Companies that don't face fines of up to four per cent of their global turnover – £1.67 billion in the case of Facebook.

The age checks are part of a tough new code being drawn up by the Information Commissioner's Office (ICO), which is backed by existing data protection laws and will come into force as early as the autumn.

Facebook and Google (file photo) will be forced to introduce strict age checks on their websites or assume all their users are children

The code also aims to stop web firms bombarding children with harmful material, a problem highlighted by the case of Molly Russell, 14, who killed herself after Instagram allowed her to see self-harm images.

Experts claim it will have a 'transformative' effect on social media sites, which have been accused of exposing young people to dangerous material, bullying and predators. It includes rules to help protect children from paedophiles online.

Facebook will be forced to ensure its pages and settings are child-appropriate but in Google's case it is not clear if the age checks will relate to all websites found via the search engine or only ones people have to subscribe to.

The ICO, which has a responsibility to protect children online, has not set out how the code will be enforced, including whether web giants will be self-policing or if the public will be responsible for reporting breaches.

The new code will be enforced using section 123 of the Data Protection Act 2018, which was completed in December last year.

Under the new code:

Tech firms will be banned from building up a 'profile' of children based on their search history, and then using it to send them suggestions for material such as pornography, hate speech and self-harm;

Children's privacy settings must automatically be set to the highest level;

Geolocation services must be switched off by default, making it harder for paedophiles to target children based on their whereabouts;

Tech firms will not be allowed to include features on children's accounts designed to fuel addictive behaviour, including online videos that automatically start one after the other, notifications that arrive through the night, and prompts nudging children to lower their privacy settings.

Once the new rules are implemented, children could be asked to prove their age by uploading their passport or birth certificate to an independent verification firm. This would then give them a digital 'fingerprint' which they could use to demonstrate their age on other websites.

Alternatively, the tech firms could ask children to get their parents' consent, and have the parents prove their identity with a credit card.

Companies that don't guarantee they know the age of their users face fines of up to 4 per cent of their global turnover – £1.67 billion in the case of Facebook (file photo)

If the web giants cannot guarantee the age of their users, they will have to assume they are all children – and dramatically limit the amount of information they collect on them, as set out in the code.

At present, a third of British children aged 11 and nearly half of those aged 12 have an account on Facebook, Twitter or another social network, Ofcom figures show.

Many youngsters are exposed to material or conversations they are too young to cope with as a result.

What is the ICO and what are its powers? The Information Commissioner's Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It is a non-departmental public body which reports directly to Parliament and is paid for by the Department for Digital, Culture, Media and Sport (DCMS). The office investigates issues including spam emails, data consent to companies, political campaign practices and individuals' rights to information. They also advise companies on data protection issues and investigate firms not thought to be complying. The ICO has the power to hand out huge fines, of up to four per cent of companies' global turnover. Advertisement

ICO deputy commissioner Steve Wood said: 'We are going to be making it quite clear that there is a reasonable expectation that companies stick to their own published terms and policies, including what they say about age restrictions.'

Baroness Beeban Kidron, who tabled a House of Lords amendment which ensured the new code was drawn up and put into law, added: 'I expect the code to say: 'You may not, as a company, help children find things that are detrimental to their health and well-being'. That is transformative. This is so radical because it goes into the engine room, into the mechanics of how businesses work and says you cannot exploit children.'

The rules will come into force by the end of the year, and will be policed by the ICO, which has the power to hand out huge fines.

It will also use its powers to crack down on any web firm that does not have controls in place to enforce its own terms and conditions.

Companies that say they ban pornography and hate speech online will have to show the watchdog they have reporting mechanisms in place, and that they quickly remove problem material.

Firms that demand children are aged 13 or above – as most web giants do – will also have to demonstrate that they strictly enforce this policy.

At the moment, web giants such as Facebook simply ask children to confirm their age by entering their date of birth without demanding proof.