Reddit fined $19.6 million over age verification checks in the UK
Source: Engadget
Background
A common theme in online age verification laws is the tension between user privacy and preventing children from accessing harmful or inappropriate content. The UK’s Information Commissioner’s Office (ICO) has now fined Reddit £14.5 million ($19.6 million) for alleged violations involving children’s data.
In July 2025, Reddit began requiring age verification to access adult content in the UK, in compliance with the Online Safety Act. The verification is intended to block users under 18 from sexually explicit, violent, or otherwise mature posts. Users under 13 are prohibited from using the platform altogether, but enforcement relies only on a self‑declaration at sign‑up—a method the ICO described as “easy to bypass.”
ICO Findings
UK Information Commissioner John Edwards wrote that children under 13 had their personal information collected and used in ways they could not understand, consent to, or control. He warned that this left them “potentially exposed to content they should not have seen,” deeming the practice unacceptable and resulting in today’s fine.
The ICO also noted that Reddit failed to conduct a Data Protection Impact Assessment (DPIA) by the January 2025 deadline and that its age‑assurance measures were insufficient.
“It’s concerning that a company the size of Reddit failed in its legal duty to protect the personal information of UK children,” Edwards said. “Companies operating online services likely to be accessed by children have a responsibility to protect those children by ensuring they’re not exposed to risks through the way their data is used.”
Reddit’s Response
Reddit told the BBC that it didn’t require users to share information about their identities, regardless of age, because it is deeply committed to privacy and safety. The company announced it would appeal the decision, stating:
“The ICO’s insistence that we collect more private information on every UK user is counterintuitive and at odds with our strong belief in our users’ online privacy and safety.”
Implications
The fine underscores the ICO’s expectation that platforms implement effective age‑assurance controls and conduct timely DPIAs. It also signals heightened regulatory scrutiny of how online services handle data from minors.
Fine Context
According to The Guardian, the £14.5 million penalty is the third‑largest ever imposed by the ICO. It follows a £20 million fine on British Airways for a data‑breach disclosure and an £18.4 million penalty on Marriott Hotels for exposing over 300 million customer records in a hack.
Sources