The UK’s data protection watchdog, the Information Commissioner’s Office (ICO), has issued a stern warning to digital firms, big or small, over the use of children’s data. Speaking at the IAPP Data Protection Intensive UK 2025 conference in London, Information Commissioner John Edwards emphasized the importance of compliance with data protection laws for all organizations.
Edwards expressed that the recent investigations into popular platforms such as TikTok should serve as a wake-up call to businesses of all sizes to ensure that their practices are in line with the law. He made it clear that the focus on larger platforms does not exempt smaller companies from adhering to the regulations, especially when it comes to children’s data.
In his address, Edwards highlighted the concerns raised by ICO research, which revealed that a significant number of British parents feel they lack control over the data collected by social media and video-sharing platforms about their children. He stressed that it is not the responsibility of children to navigate these complexities on their own, and platforms should make information easily accessible to both children and parents.
The ICO’s investigation into TikTok, Imgur, and Reddit aims to scrutinize the use of recommender systems that could potentially expose vulnerable youngsters to inappropriate content. The regulator also plans to examine how these platforms handle children’s personal information and age assurance measures to ensure compliance with data protection laws.
Additionally, Edwards mentioned the ICO’s ongoing investigations into the use of artificial intelligence (AI) and biometrics, including automated decision-making processes and the controversial use of facial recognition technology by law enforcement agencies. He emphasized the ICO’s commitment to monitoring any deployment of predictive profiling that could infringe on people’s rights.
Overall, the message delivered by the ICO is clear: all organizations must prioritize compliance with data protection laws, particularly when it comes to safeguarding children’s data. The regulator’s proactive stance serves as a reminder to businesses that they need to take proactive steps to ensure their practices align with legal requirements to avoid regulatory scrutiny. As digital firms navigate an evolving regulatory landscape, the ICO’s warnings should prompt them to review and enhance their data protection measures to protect the privacy and rights of individuals, especially children.