The ICO has fined MediaLab.AI, Inc., owner of the image hosting and sharing platform Imgur, £247,590 for failures relating to children's personal information.
The ICO found Imgur did not implement effective age assurance measures, and that children under 13 had their personal data processed without parental consent or another appropriate lawful basis. The regulator also found MediaLab failed to carry out a DPIA to assess and mitigate risks to children.
The ICO framed the penalty as part of a wider intervention to improve the safety of children's personal information online, emphasising that 'under-13s not allowed' statements are not controls unless backed by effective measures.
Acompli perspective: If your service is likely to be accessed by children, treat age assurance, DPIA, and design controls as a single compliance package — and keep the evidence ready. Ensure privacy safeguards cover third-party platforms, that processing records detail how children's data is handled, and understand how regulatory fines are calculated in enforcement actions like this.