The UK’s data protection authority, the Information Commissioner’s Office (ICO), has fined Reddit £14.47 million for significant shortcomings in handling children’s personal information. This penalty follows an investigation revealing that Reddit failed to implement adequate age assurance mechanisms and lacked a lawful basis for processing data from children under 13.
UK data protection laws mandate special protection for children’s information. The ICO discovered that Reddit did not have effective systems to verify users’ ages until July 2025, despite its terms of service barring under-13s from accessing the platform. Additionally, the regulator found that Reddit did not conduct a data protection impact assessment (DPIA) addressing risks to children until January 2025, even though users aged 13 to 18 were allowed to join.
John Edwards, the UK Information Commissioner, labelled these failings as unacceptable, stating, “Children under 13 had their personal information collected and used in ways they could not understand, consent to or control.” He emphasised that relying on users to self-declare their age is insufficient, given the potential risks to children.
In July 2025, Reddit introduced new measures, including age verification for accessing mature content and requiring users to declare their age upon account creation. However, the ICO cautions that self-declaration alone is risky, as it can be easily bypassed. The regulator intends to continue monitoring Reddit’s methods as part of broader enforcement activities targeting online platforms that primarily depend on self-declared ages.
The fine reflects the number of children potentially affected, the duration of the failings, and Reddit’s global turnover. This action by the ICO is part of its ongoing oversight of platforms under the UK’s Age Appropriate Design Code, also known as the Children’s Code, which outlines standards for services likely accessed by under-18s.
The regulator has affirmed that safeguarding children’s privacy online remains a priority and confirmed collaboration with Ofcom, which enforces the Online Safety Act, to ensure coordinated oversight of digital platforms. This decision highlights the increasing scrutiny of tech companies operating in the UK, particularly concerning age verification and the lawful processing of children’s data.
