PrivacyWire

Regulatory action reported by The Register: UK data watchdog fines Reddit £14.47M for letting kids slip past the gate (also covered by BBC)

Discord delays global rollout of age assurance measures to H2 2026 after user backlash over privacy concerns. No mass ID collection planned; new vendor transparency commitments announced. (Discord Blog, also covered by BBC)

Bluesky integrated Germ DM as the first end-to-end encrypted messenger natively launchable within the Bluesky app, addressing the long-standing privacy gap in unencrypted DMs since May 2024. Germ uses Messaging Layer Security (MLS), an IETF standard, and integrates via AT Protocol so that neither Germ nor Bluesky can decrypt messages.

The Irish Data Protection Commission opened a formal GDPR inquiry into X's processing of personal data in connection with Grok's generation of deepfake images of real individuals. The inquiry examined whether X had a lawful basis for processing biometric and personal data to create AI-generated images, with particular focus on the impact on children and public figures.

Discord announced a global 'teen-by-default' system, treating all users as minors unless they complete age assurance. Unverified users cannot unblur sensitive content, access age-restricted channels, or change message request settings. Age verification uses on- device facial age estimation or government ID submission. The rollout, beginning in early March 2026, expanded protections first deployed in the UK and Australia in 2025.

French prosecutors raided X's Paris offices as part of a criminal investigation into the platform's failure to cooperate with authorities on content moderation and user data requests. The investigation focused on X's alleged non-compliance with French laws regarding the protection of minors and illegal content removal obligations.

Bluesky published its inaugural comprehensive transparency report for 2025, covering moderation, legal demands, influence operations, and age assurance. The platform grew 60% to 41.41 million users, processed 9.97 million moderation reports (up 54% year-over- year), removed 2.44 million violating items including 2.08 million accounts, and applied 16.49 million content labels. Law- enforcement requests rose fivefold to 1,470.

Following the closure of the USDS (TikTok U.S. Data Security) Joint Venture structure, TikTok published a substantially revised privacy policy for US users. The new policy expanded geolocation data collection to include precise location tracking for content recommendations and advertising, broadened data sharing with advertising partners, and disclosed that user data may be transferred to additional international jurisdictions beyond those previously disclosed.

California Attorney General Rob Bonta issued a cease-and-desist letter to xAI over Grok's generation of deepfake images and child sexual abuse material (CSAM). The letter cited violations of California law and demanded that xAI implement safeguards to prevent the generation of non-consensual intimate imagery and CSAM within 30 days.

X updated its Terms of Service to define all user interactions with Grok AI — including prompts, conversations, and feedback — as user 'Content' that X may use to train and improve its AI models. The change granted X a broad, royalty-free license to use Grok interactions without additional user consent beyond accepting the terms.