According to Cyber News, the ICO found that although the platform’s terms prohibited users under 13, the restriction was not actively enforced until July 2025, when changes were introduced to comply with the Online Safety Act. The regulator also determined that a required Data Protection Impact Assessment (DPIA), which was intended to assess risks associated with processing children’s data, was not completed before January 2025. Under UK GDPR rules, such assessment.