Regulators Flag TikTok, YouTube, and Roblox as Unsafe for Children – Age Gates Insufficient
What Happened — Ofcom’s latest review concluded that TikTok and YouTube’s recommendation feeds are “not safe enough” for children, while Roblox, Snap, and Meta have pledged additional safety measures. The regulator highlighted that existing age‑verification tricks are easily bypassed, exposing minors to sexual content, offensive language, and grooming risks.
Why It Matters for TPRM —
- Child‑focused platforms are high‑value targets for data‑theft, identity‑theft, and malware campaigns.
- Weak age‑gate implementations create large centralized PII stores that can become breach vectors.
- Third‑party risk programs must evaluate vendors’ moderation, data‑handling, and verification practices beyond surface‑level compliance claims.
Who Is Affected — Social media (TikTok, YouTube), online gaming (Roblox), and broader digital‑media ecosystems that serve users under 13.
Recommended Actions —
- Review contractual clauses for child‑safety controls, moderation standards, and data‑retention limits.
- Validate that any age‑verification solution does not require excessive personal data (e.g., government IDs, biometrics).
- Conduct periodic audits of content‑moderation processes and incident‑response capabilities for child‑focused services.
Technical Notes — The issue is not a specific vulnerability but a systemic risk: inadequate content moderation, easily circumvented age‑gates, and centralized collection of sensitive PII (including potential biometric data). These factors increase the attack surface for phishing, malware, and credential‑theft campaigns targeting minors. Source: Malwarebytes Labs