Latest News

BANNER

Reddit hit with £14.47m fine for children’s privacy failures

By staff reporter

The Information Commissioner’s Office has fined social media site Reddit £14.47m after finding the company failed to use children’s personal information lawfully.

The firm was found to have failed to apply any robust age assurance mechanism and therefore did not have a lawful basis for processing the personal information of children under the age of 13. It also failed to carry out a data protection impact assessment to assess and mitigate risks to children before January 2025. These failures meant Reddit was using children’s data unlawfully, potentially exposing them to inappropriate and harmful content.

In July 2025, Reddit introduced age assurance measures that include age verification to access mature content and asking users to declare their age when opening an account. The ICO informed Reddit that relying on self-declaration presents risks to children as it is easy to bypass. The regulator is keeping Reddit’s processing of children’s personal information under review as part of ongoing work focusing on online platforms that primarily rely on self-declaration.

John Edwards, UK Information Commissioner, said: “It is concerning that a company the size of Reddit failed in its legal duty to protect the personal information of UK children. Children under 13 had their personal information collected and used in ways they could not understand, consent to or control. That left them potentially exposed to content they should not have seen. This is unacceptable and has resulted in this fine.

“Companies operating online services likely to be accessed by children have a responsibility to protect those children by ensuring they’re not exposed to risks through the way their data is used. To do this, they need to be confident they know the age of their users and have appropriate, effective age assurance measures in place. Reddit failed to meet these expectations. They must do better and we are continuing to consider the age assurance controls now implemented by the platform.

“Relying on users to declare their age themselves is not enough when children may be at risk and we are focusing now on companies that are primarily using this method. I therefore strongly encourage industry to take note, reflect on their practices and urgently make any necessary improvements to their platforms.”


Share Story:

YOU MIGHT ALSO LIKE

European product recall activity reaches new highs

Europe dominates list of most resilient countries – report

FERMA calls on EU to integrate risk and finance tools for climate resilience


BANNER

Resilience Rooted in Reality
In this podcast, CIR speaks to CLDigital’s Tejas Katwala about why organisations must move beyond checklist compliance to build living, data driven resilience. He explains how rethinking governance, risk and compliance, breaking down silos and focusing on value streams can create sustainable, real time resilience that is rooted in the way businesses actually operate today.

Building cyber resilience in a complex threat landscape
Cyber threats are evolving faster than ever. This episode explores how organisations can strengthen defences, embed resilience, and navigate regulatory and human challenges in an increasingly complex digital environment.

© 2019 Perspective Publishing     Privacy & Cookies