Finger reaches for the Reddit logo showing children's privacy fines

Reddit on the Hook for £14.47M in Children’s Privacy Fines Due To Inadequate Age Checks

Reddit has been assessed £14.47 million in fines by the UK Information Commissioner’s Office (ICO) due to failures to adequately age-gate children under 13, which in turn led to impermissible collection and use of their personal data as well as potential exposure to mature content. The penalty is one of the largest it has issued thus far, and the largest for a children’s privacy offense.

Reddit policy forbids users under the age of 13 from creating an account, but in practice there is virtually no barrier to doing so. Until recently the platform generally did not perform any sort of age verification under any circumstances and only requires a valid email address to sign up; there are age challenges before entering certain areas containing mature content, but in nearly all cases this merely requires being logged into an account and self-reporting one’s age.

Reddit plans to appeal children’s privacy fine, lambasts UK laws

The fine, which equates to about $19.52 million, comes after an extended ICO investigation dating back to 2018. The UK privacy watchdog notes that the platform had no real manner of age verification during this period until compliance with the Online Safety Act (OSA) forced it to add the self-reported age prompts in July 2025, but this still only essentially requires the user to be logged into a Reddit account with no guarantee of further challenges. The platform has said that it uses various “signals” to estimate the age of users without intrusion while protecting children’s privacy, as numerous other social media platforms now do, and since mid-2025 may challenge a user for a photo ID verification (via a third party service provider) if these signals flag them as potentially underage.

Reddit has additional age restrictions for users between the ages of 13 and 18. These users are not supposed to have their data collected for ad personalization in any way, are restricted from accessing “mature” or “NSFW” communities, have more restrictive chat settings aimed at limiting contact from strangers, and cannot be shown ads for “sensitive categories” such as gambling and alcohol. However, in practice, there is still little in the way of hard age checks for this group.

Though the UK already has some of the world’s more robust children’s privacy measures and stringent ID verification requirements, the country is mulling making internet limits for children even stricter. Reddit, which is headquartered in San Francisco, has responded to the enforcement action by framing its support for account anonymity as a broader issue of privacy and safety for all of its users. It has said it intends to challenge the ICO fine and does possess a right to appeal under UK law.

Reddit was additionally dinged by ICO for failing to carry out a data protection impact assessment prior to January 2025. This was mandated by the UK’s now-independent version of the GDPR for organizations thought to have a “high risk” of potential negative impact due to their processing of personal data.

Reddit fine among ICO’s largest to date

Reddit has since partnered with Persona to conduct photo ID checks when a user is flagged, the same company that in part caused Discord to go through the age verification wringer with its users in recent weeks. After abruptly announcing that photo IDs or video selfies would be mandatory to unlock full permissions for accounts in early February, Discord has backed off on the issue and punted to an unspecified point in the second half of 2026 as it re-evaluates other potential methods (including use of a credit card solely to determine age). User outrage was in part generated by Discord announcing Persona, which counts Peter Thiel’s venture capital firm as one of its key investors. Questions have been raised about Thiel’s Palantir and its connection to OpenAI for national security operations.

The fine is one of the largest issued thus far by ICO, and the largest specifically for children’s privacy issues. Other comparable fines include £12.7 million to TikTok in 2023 for similarly failing to properly age-gate users under 13, and £14 million to Capita Pension Solutions in 2025 for an earlier data breach that involved the records of about 6.6 million people. The Reddit fine is equal to well over half of the total £19.6 million in penalties ICO issued in 2025, which itself was a seven-fold increase from what it issued in 2024.

Fines may become even more frequent going forward as the UK government weighs new measures primarily aimed at large platforms considered “high impact” for both breaches and potential dissemination of private information. One example is legislation currently being developed to create a 48 hour requirement for platforms to take down sexualized deepfakes. The proposed addition to the Crime and Policing Bill, currently being evaluated by Parliament, would subject large platforms to penalties of up to 10% of annual turnover or even bans from operation in the UK should they fail to take down such content in a timely manner following a victim report.

 

Senior Correspondent at CPO Magazine