UK Regulator Fines Reddit €16 Million Over Child Data Protection Failures
Information watchdog says platform relied on self-declared ages, exposing minors to harmful content
The UK’s data protection authority has fined Reddit more than £14 million (€16 million), concluding that the platform failed to adequately safeguard children and allowed their personal data to be collected without proper protections.
Following an investigation, the Information Commissioner's Office determined that Reddit did not implement sufficiently robust age-verification systems. Instead, the company relied largely on self-declaration, allowing users to input their age without further checks — a method the regulator described as inadequate when minors may be at risk.
According to the ICO, this approach meant that children under 13 were able to access the platform and have their personal information collected in circumstances where they could not meaningfully understand, consent to, or control how that data was used. The watchdog also said the lack of effective safeguards left young users potentially exposed to inappropriate or harmful content.
UK Information Commissioner John Edwards said the findings highlighted serious shortcomings. He stated that children’s personal data had been processed in ways they were not equipped to comprehend and that this situation was unacceptable. Edwards added that platforms cannot rely on users to honestly declare their age when the risks to minors are significant.
The penalty represents one of the more prominent enforcement actions under the UK’s data protection framework and signals a stricter stance toward social media companies operating in the country. The regulator indicated that companies using what it described as an “honour system” for age checks should urgently reassess their compliance measures.
Reddit has said it plans to appeal the decision. In a statement to Euronews Next, the company argued that it does not require users to provide identity information regardless of age, emphasizing its commitment to privacy and safety. It also criticized the regulator’s position, saying that requiring the collection of additional personal data from UK users would be counterintuitive and inconsistent with its privacy principles.
The case adds to growing scrutiny of how online platforms verify users’ ages and handle minors’ data. As regulators across Europe intensify oversight of digital services, the ruling is likely to be watched closely by other technology firms navigating similar compliance challenges.