Two major platforms, one shared issue: how to protect children online without creating new privacy risks.
Last month, the UK’s data watchdog fined Reddit £14.47 million for unlawfully processing children’s data. At the same time, Discord delayed its global age verification rollout after significant user backlash.
Together, the stories highlight a growing tension at the heart of digital regulation. How do platforms prove users’ ages without collecting more sensitive data than they can safely protect?
Reddit fined £14.47m over child data failings
The £14.47m penalty was issued by the Information Commissioner’s Office (ICO), which found that Reddit failed to properly assess and verify the ages of its users between May 2018 and July 2025.
Although Reddit’s terms stated that under-13s were not allowed on the platform, the ICO concluded there were likely “a large number” of children under 13 using the service. As a result, Reddit was found to have processed children’s personal data without a lawful basis.
Under UK data protection law, organisations must take extra care when handling children’s data. The regulator said platforms likely to be accessed by children must have effective age assurance measures in place. Simply asking users to self-declare their age was described as “easy to bypass”.
Reddit began introducing age verification measures in July 2025 to comply with the Online Safety Act and has indicated it intends to appeal.
Discord delays global age verification after backlash
While Reddit has been fined for not doing enough, Discord is facing criticism for potentially doing too much.
The platform had planned to roll out stricter global age verification, potentially requiring some users to submit a video selfie or government ID.
Following weeks of user concern, Discord has now delayed the full rollout until later this year.
Discord says fewer than 10% of users are expected to need formal verification and stresses that it already uses an internal “age determination” system based on account history and behavioural signals. However, trust is fragile.
In October 2025, Discord confirmed a breach affecting users who had contacted support. Exposed data reportedly included user names, emails, billing details, partial credit card numbers, messages exchanged with support, and some ID images. More recently, reports suggested that an age-assurance vendor used in UK testing had left thousands of files exposed online. Although Discord distanced itself from that partner, concerns about supply chain security remain.
It is in that context that users are questioning whether platforms can be trusted to hold even more sensitive identity data.
The bigger issue: digital identity and trust
Age verification is not inherently wrong, and protecting young people online is essential.
But every new layer of identity verification increases the volume of highly sensitive data being processed: facial scans, behavioural profiling, government IDs, metadata and device signals.
And repeated breaches across the tech sector show that compliance on paper does not always equal protection in practice.
The question is no longer just whether platforms can verify age. It is whether they can do so securely, transparently and proportionately.
At Join the Claim, we believe digital identity data deserves stronger safeguards, not just reassurances after something goes wrong. That is why we are continuing to call for:
- Full transparency over where data is stored
- Immediate and full disclosure of any breach attempts
- Independent annual security audits
- Strict limits on data sharing, including a ban on commercial profiling
- Clear accountability for every organisation handling Digital ID data.
If you believe digital identity protections need to be taken more seriously, share your support using #ProtectOurDigitalID.
Concerned about Discord’s recent data breach?
If you are concerned that your data may have been involved in last year’s Discord data breach, we have a full breakdown of what happened.
Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.
