Children’s rights

European Commission marks 10 years of GDPR

The European Commission has marked ten years since the General Data Protection Regulation (GDPR) entered into force across the European Union.

The GDPR entered into force on 24 May 2016 and established a common data protection framework across EU member states, and introduced rules governing the collection and processing of personal data. According to the European Commission, the regulation strengthened individuals’ rights regarding how personal data is collected, processed, corrected, deleted, and shared.

The framework applies to organisations ranging from small businesses to multinational technology companies. Authorities across the EU have also issued significant penalties in cases involving non-compliance with the regulation.

The GDPR has influenced privacy and data protection discussions internationally and contributed to wider adoption of similar regulatory approaches.

The Commission linked the GDPR to broader EU digital regulation efforts, including the Digital Services Act, the Digital Markets Act, and the AI Act. According to the Commission, these measures address issues including platform accountability, competition, and AI governance.

The Commission also referenced online child protection initiatives, including work on age verification and cyberbullying prevention. It said the EU’s approach reflects the principle that the online world should serve people.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ofcom says major platforms will introduce new child safety measures in the UK

Ofcom said Snap, Meta, and Roblox plan to introduce additional child safety measures in the UK following regulatory pressure to strengthen protections against online grooming.

The commitments were outlined in an Ofcom report reviewing how major platforms responded to requests for stronger child safety protections. The measures include changes to contact settings, age assurance systems, AI-assisted detection tools, and controls for direct messaging.

According to Ofcom, Snap committed to implementing all recommended grooming prevention measures under the regulator’s Illegal Harms Codes. The changes will prevent adult strangers from contacting children by default, prevent children from being encouraged to expand their friendship groups to people they do not know, and introduce stronger age checks for UK users over the summer.

Roblox said it would expand existing protections, including parental controls for direct chat functions involving younger users. Meta said it plans to introduce additional privacy settings for teen accounts and AI-assisted detection tools for potentially inappropriate interactions.

Ofcom said it remains concerned about measures related to recommendation systems and harmful content exposure on some platforms. The regulator said evidence shows children’s exposure to harmful content has changed little since online safety duties came into force in July 2025.

The regulator also said platforms have not yet demonstrated effective enforcement of minimum age requirements. Its research found that 84% of children aged 8 to 12 were still using one of the top five online services, despite minimum age rules.

Ofcom has written to the UK Secretary of State advising that online safety legislation would need a clearer basis if Parliament wants the regulator to force platforms to enforce minimum age policies effectively.

Ofcom’s action plan includes monitoring implementation, reviewing recommender system risks, considering enforcement action, and continuing research into children’s online experiences.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Malaysia expands online safety rules for platforms and digital services

Malaysia’s Communications and Multimedia Commission (MCMC) has published the Child Protection Code and Risk Mitigation Code under the Online Safety Act 2025, following stakeholder engagement and a public consultation held from 12 February to 31 March 2026.

The codes form part of Malaysia’s broader online safety framework and outline expectations for service providers addressing online harms. According to MCMC, the framework follows an outcome-based approach that allows providers flexibility in implementing safety measures.

The Child Protection Code focuses on age-appropriate online experiences and child-safety-by-design principles for digital services in Malaysia. The code includes safeguards related to account registration, ownership restrictions for younger users, and protections involving higher-risk platform features.

It also introduces age-appropriate protections and restrictions on high-risk features, aiming to reduce children’s exposure to exploitative interactions and harmful content.

The Risk Mitigation Code outlines measures related to risk assessments, content governance, reporting systems, advertiser verification, and labelling of manipulated content. Measures include risk assessments, stronger content governance, effective reporting and response mechanisms, advertiser verification, and labelling manipulated content where appropriate.

Both codes are scheduled to take effect on 1 June 2026, with a transition period for implementation and verification processes. MCMC said a reasonable grace period will be provided for service providers to complete the verification process effectively.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ICO warns major platforms over lack of privacy-friendly age assurance

The UK Information Commissioner’s Office has warned that major platforms have not yet introduced viable and privacy-friendly age assurance measures to stop underage children from accessing services with minimum age limits.

The statement follows letters sent by the ICO in March to TikTok, Snapchat, Facebook, Instagram, YouTube, and X, calling on them to urgently review and strengthen measures to prevent underage children from accessing their services.

Responses from the platforms show that some services are taking, or considering, additional steps to protect children. However, the regulator said none had yet introduced new age assurance solutions that it considers both viable and privacy-friendly.

The ICO said it does not yet have confidence that appropriate measures are being put in place and raised concerns that underage children’s data is still being processed on platforms they should not be able to access.

The regulator warned that more progress is needed and said it is considering next steps, including formal investigations and sanctions. Platforms that set minimum age limits must have effective age assurance measures in place, it added.

The ICO said it will continue working closely with Ofcom, which enforces the Online Safety Act, to ensure underage users cannot access services that were not designed for them. It also said its response to the government’s ongoing consultation sets out how the ICO can act under data protection law.

Why does it matter?

The ICO’s warning shows that age assurance is becoming both a child safety and data protection issue. Platforms that set minimum age limits may face pressure not only to keep younger users away from unsuitable services, but also to avoid unlawfully processing children’s personal data when those users should not have access in the first place.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ofcom report highlights growing AI use among UK children online

The UK’s Ofcom has released new research indicating that children in the UK are using digital devices and online services at increasingly younger ages.

According to Ofcom’s Children’s Online Experiences report, screen use begins early in childhood, and smartphone ownership increases significantly during secondary school years. The report found that teenagers aged 15 to 17 spend a substantial amount of time online each week.

The report also noted declining use of traditional media formats such as live television, radio, and print among younger audiences. Live television, radio, and print media were described as increasingly absent from children’s routines, with social media, messaging platforms, and gaming dominating digital engagement.

Ofcom also warned that exposure to harmful content remains a significant issue despite the introduction of new online safety rules. Ofcom said many children reported exposure to harmful online content, including material surfaced through recommendation systems and personalised feeds.

The report also highlighted growing use of AI tools among children and teenagers. More than half of UK children aged 8 to 17 said they use AI tools, with some teenagers increasingly relying on AI systems for learning, creativity, communication, and companionship. Researchers said some children found it difficult to distinguish between AI-generated and human-created content.

The report suggested that passive content consumption plays an increasingly significant role in children’s online activity. Most younger users primarily scroll, watch, follow, or like content instead of actively creating or sharing material themselves.

Gaming remained one of the most important online social environments for children, with many users interacting regularly with people they had only met online through multiplayer gaming communities and communication platforms.

Why does it matter?

Ofcom’s findings highlight growing concerns surrounding children’s digital well-being, algorithmic exposure, AI literacy, and online safety regulation. Policymakers and regulators increasingly face pressure to address how recommendation systems, generative AI, and social platforms shape behaviour, attention, and trust among younger audiences.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Australia’s regulator targets AI-nudify platform over child safety and deepfake risks

Australia’s eSafety Commissioner has begun enforcement action against another AI-powered ‘nudify’ service accused of failing to protect children from exposure to sexually explicit deepfake images.

The regulator issued a formal Direction to Comply to one of the most visited nudify services in Australia, giving the provider 14 days to implement stronger protections preventing children from accessing the platform. eSafety said the service allows users to upload images of real people and generate sexually explicit deepfake content on demand.

The regulator warned that such technologies can facilitate non-consensual exploitation, cyberbullying, sexual extortion, image-based sexual abuse, misogynistic harassment and exploitation of minors. The service had attracted nearly 40,000 Australian visits per month as of March 2026, following a sharp increase in traffic over the previous six months.

The enforcement action was taken under Australia’s Age-Restricted Material Codes, which came into force in March 2026. The codes are designed to prevent children from accessing or being exposed to age-restricted material, including pornography, high-impact violence, self-harm, suicide or disordered eating content.

eSafety said the Argentina-based provider failed to respond to earlier engagement after the codes took effect and had not committed to improving protections for children. The regulator chose not to name the service to avoid inadvertently promoting it.

If the service does not meet the requirements within the 14-day timeframe, eSafety may pursue further action, including civil penalties of up to AU$49.5 million and delisting notices to search engine providers that help facilitate access to the site.

The action follows earlier enforcement in late 2025 that led three widely used nudify services, which had reportedly been used to generate child sexual exploitation material in schools, to withdraw from Australia. Those services have since relaunched under new ownership with additional safety measures, including mandatory age assurance.

Why does it matter?

The case shows how online safety regulators are beginning to apply age-assurance and child protection rules directly to generative AI services. Nudify platforms are treated as high-risk because they can enable non-consensual sexualised deepfakes, image-based abuse and exploitation involving minors at scale. Australia’s enforcement approach also signals that regulators may target foreign-based AI services when they are accessible to local users and fail to implement safeguards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Snap, YouTube, TikTok and Meta settle Kentucky school district lawsuit

At mid-May, Snap, YouTube and TikTok have reached a settlement in a lawsuit brought by the Breathitt County School District in Kentucky. The school district alleged that social media platforms contributed to learning disruption, mental health concerns, and additional financial pressures on schools.

Terms of the settlement have not been disclosed. Meta remained a defendant in the same litigation and was scheduled to proceed to trial on June 15th. However, on May 21st, the company also reached a settlement. The case is one of a broader series of lawsuits involving social media platforms and alleged harms affecting minors and schools.

This follows earlier related cases settled by Snap and TikTok. The companies have faced multiple lawsuits related to alleged harms associated with social media use. In a separate case, a jury awarded damages to a plaintiff in litigation involving Google and Meta. Meta has also recently been ordered to pay $375 million in a separate case brought by New Mexico’s attorney general.

Beyond seeking monetary awards of $60 millions, plaintiffs and state authorities have also called for changes to platform design and online safety measures affecting minors. Additional lawsuits involving social media platforms and youth safety issues remain ongoing in US courts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Researchers analyse framing of youth social media use in Australian policy discussions

A new paper, published in the journal SAGE Journals, examines how concerns around children’s social media use are framed in debates surrounding regulation and online safety. The study was authored by researchers Justine Humphry, Catherine Page Jeffery, and Jonathon Hutchinson.

According to the paper, the research focuses on debates related to Australia’s proposed social media age restriction laws. The authors argue that media coverage and political discussion increasingly frame teenagers’ social media use as an issue requiring stronger regulation.

The paper explores how discussions about risk, safety, and childhood vulnerability influenced calls for age-based restrictions on social media. The study also examines how age-based regulation emerged as a proposed policy response to wider concerns about digital platforms and young people.

The research contributes to broader academic discussions on digital governance, youth agency, and media regulation. The research was published as an open-access article in Convergence and centres on policy debates in Australia.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

eSafety Commissioner and Sport Integrity Australia focus on online harms in sport

Australia’s eSafety Commissioner and Sport Integrity Australia have launched a joint initiative focused on online safety in sport.

The Online Safety in Sport Summit brought together representatives from sporting organisations, government agencies, researchers, law enforcement, and technology companies. The discussions focused on cyberbullying, online harassment, and harmful digital behaviour affecting athletes and sporting communities.

During the summit, Australia’s eSafety Commissioner Julie Inman Grant said harmful behaviour linked to sport increasingly occurs across social media, messaging applications, and online communities.

Research presented during the summit, titled ‘The Digital Sideline’, found that nearly one in five children participating in organised sport reported experiencing cyberbullying related to sporting activities.

Officials in Australia said that many reported online harms involved peers, including teammates and competitors, and occurred through private messages and group chats.

Participants highlighted the importance of prevention measures, early intervention, and cooperation between sporting organisations, regulators, and technology companies.

Why does it matter?

Online abuse within sport is becoming an increasingly significant policy and governance issue as digital platforms reshape athlete visibility, fan interaction, and youth participation. Cyberbullying, online harassment, and hate speech can affect mental health, athlete safety, participation rates, and broader social cohesion.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.