Reddit Fined $20 Million for Children’s Privacy Failures

The UK’s Information Commissioner’s Office (ICO) has fined Reddit £14.47 million ($19.6 million) after finding the company failed to use children’s personal information lawfully.

Key takeaways

• Reddit lacked robust age assurance measures and did not verify user age effectively until July 2025.
• Relying on self-declared age information exposed children to inappropriate content and meant there was no lawful basis for processing their personal data, according to the ICO.
• The platform also failed to conduct a Data Protection Impact Assessment before January 2025, as required under UK law.
• Reddit says it plans to appeal the fine, arguing that stricter age verification could conflict with its privacy principles.

Why Reddit got fined

Reddit’s terms of service prohibit children under 13, yet the platform had no meaningful way to actually check the age of people signing up or browsing content until mid-2025.

Without solid age verification, Reddit had no lawful basis to process children’s personal data under GDPR and related children’s privacy standards.

Reddit also failed to carry out a required Data Protection Impact Assessment (DPIA) focused on risks to children by 2025.

The ICO said these gaps left children under the age of 13 at risk of exposure to harmful or inappropriate content, and in a position where their data was used in ways they could not understand or control.

Recent improvements — such as age-checks before accessing mature content and age questions during signup — were introduced in July 2025, but still relied too much on self-declaration, the ICO said in a press release.

John Edwards, UK Information Commissioner, said:

It's concerning that a company the size of Reddit failed in its legal duty to protect the personal information of UK children. Children under 13 had their personal information collected and used in ways they could not understand, consent to or control. That left them potentially exposed to content they should not have seen. This is unacceptable and has resulted in today’s fine.

Strong focus on protecting minors online

This is one of the largest fines issued in the UK related specifically to children’s data privacy, and it comes amid heightened regulatory focus on protecting minors online under frameworks like the Online Safety Act 2023 and the ICO’s Age-Appropriate Design Code.

Regulators globally are emphasizing that platforms cannot merely prohibit underage users on paper — they must also have effective, verifiable mechanisms to enforce those rules and ensure that personal data of minors is handled lawfully and safely.

The ICO says it will push for further changes where platforms do not comply with the law or conform to the Children’s code.

The watchdog will work closely with Ofcom — the regulator for the communications services that Brits use and rely on daily — which has responsibility for enforcing the Online Safety Act, to ensure the efforts are coordinated.

Practical advice for consumers and parents

Even as regulators act, users and parents should take proactive steps:

• Understand privacy defaults: Check how apps and platforms handle age, data collection, and content access. Platforms may still let minors sign up if age checks are weak.
• Use supervised accounts or parental controls: Where possible, enable parental control tools on devices and accounts to limit access to age-inappropriate platforms and content.
• Teach digital safety early: Talk with children about the nature of personal data, why it matters, and why they should never share identifiable information online.
• Enable strong privacy settings: On any social platform, set profile and content visibility to the strictest options, and regularly review what data any app collects.
• Report policy violations: If you suspect a platform is mishandling data or allowing underage access, report it to platform support and, where applicable, your local data protection authority.

FAQ: Reddit fine & children’s privacy

• Why did Reddit get fined?
  The ICO found Reddit used children’s personal information unlawfully by failing to implement robust age assurance and by processing data without a lawful basis.
• Wasn’t Reddit always supposed to ban under-13s?
  Yes — Reddit’s terms of service already prohibited users under 13, but it didn’t have meaningful ways to enforce that policy until mid-2025.
• What is an age assurance mechanism?
  It’s a method to estimate or verify a user’s age before allowing access to certain content or services — something more reliable than simply asking someone to declare their age.
• Did Reddit respond to the fine?
  Reddit says it plans to appeal the decision, arguing that demanding additional personal information conflicts with its privacy principles.
• What legal standards did Reddit violate?
  The ruling refers to UK data protection law and the ICO’s Age-Appropriate Design Code, which imposes higher privacy standards for services likely to be used by children.

You may also want to read:

Discord Delays New Age Verification Rollout After Backlash

How Kids Bypass Age Verification Online and What Families Can Do About It

Elon Musk’s X Appeals €120 Million EU Fine Under Digital Services Act