Privacy & Cybersecurity Law Blog

On February 24, 2026, the UK Information Commissioner’s Office (the “ICO”) announced that Reddit, Inc. (“Reddit”) had been fined £14.47 million following an investigation by the ICO into the company’s handling of children’s personal information. The ICO found that Reddit failed to implement effective age assurance mechanisms, meaning the platform did not have a lawful basis for processing the personal data of users under 13 years of age. The ICO indicated that as a result, children’s data was collected and used unlawfully, exposing them to inappropriate and potentially harmful online content.

The ICO found that Reddit had not carried out a data protection impact assessment to evaluate and mitigate risks to children’s data protection rights prior to January 2025. Although Reddit’s terms of service prohibited children under 13 from using its platform, the company failed to enforce this restriction until July 2025, when it introduced age verification for mature content and began asking users to declare their age at account creation. The ICO, however, considered self-declaration an inadequate safeguard in this instance.

In determining the penalty, the ICO considered the number of children affected, the degree and duration of the infringement, the potential harm caused and Reddit’s global turnover. The ICO’s action forms part of a broader initiative aimed at improving the safety of children’s personal information online, and follows a recent fine issued to MediaLab and ongoing efforts to supervise social media and video-sharing platforms. For more information on the MediaLab fine, read our previous blog here.

The ICO has made clear that protecting children’s privacy online remains a top priority, aligning with the requirements of the Children’s Code. The Children’s Code sets out practical standards for online services likely to be accessed by children, ensuring that children’s best interests are central to the design of these services and that a high level of privacy is provided by default. According to the ICO, it continues to work in partnership with  the UK Office of Communications, the regulator responsible for the UK Online Safety Act, to coordinate efforts in safeguarding children in the digital environment.

Read the ICO’s press release here.