The UK’s data protection regulator has fined MediaLab.AI, Inc., the owner of image-sharing platform Imgur, £247,590 after finding the company unlawfully processed children’s personal data and failed to implement basic privacy safeguards.
The Information Commissioner’s Office (ICO) announced the penalty following an investigation that found MediaLab allowed children under 13 to use Imgur without verifying their age or obtaining parental consent, as required under UK data protection law. The regulator said these failures exposed children to potential harm, including inappropriate or harmful content.
According to the ICO, MediaLab breached the UK General Data Protection Regulation (UK GDPR) between September 2021 and September 2025 by collecting and processing children’s personal information without a lawful basis. Although Imgur’s terms stated that children under 13 required parental supervision, the company did not deploy age verification tools or other safeguards to prevent underage access or secure parental consent.
The ICO also found MediaLab failed to conduct a data protection impact assessment to evaluate and mitigate privacy risks to children. Without age assurance measures in place, the platform had no reliable way to identify child users, increasing the likelihood they could be exposed to harmful material, including violent or sexually explicit content.
UK Information Commissioner John Edwards said the company had “failed in its legal duties to protect children, putting them at unnecessary risk.” He emphasized that age assurance measures are essential to prevent misuse of children’s data and protect them from inappropriate content recommendations.
In determining the fine, the ICO considered the number of children affected, the duration of the violations, and MediaLab’s global turnover. The regulator also noted MediaLab’s acceptance of its findings and its commitment to implement safeguards if it resumes processing children’s data in the UK.
The enforcement action is part of a broader ICO effort to strengthen children’s online privacy protections under its Age Appropriate Design Code. The regulator warned that companies that fail to comply with data protection obligations involving children’s data could face further penalties and regulatory action.
Need Help?
If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
