Tech behemoth Meta is failing to effectively enforce its own terms and conditions and is not doing enough to stop children under 13 from accessing Facebook and Instagram, the European Commission has alleged. The company rejects the criticism and says it is introducing additional measures to strengthen age checks.
Under the Digital Services Act (DSA) Meta should be able to identify, assess and mitigate the risks of minors under 13 accessing their services. In an investigation that has taken nearly two years, the Commission found this is not happening. Furthermore even when minors are identified while using the platforms, Meta does not promptly remove them.
According to the Commission “Meta’s tool for reporting minors under 13 on the platform is difficult to use and not effective, requiring up to seven clicks just to access the reporting form.” It adds that contrary to Meta’s claim that there is no widespread problem, there are “large bodies of evidence from all over the European Union indicating that roughly 10-12% of children under 13 are accessing Instagram and/or Facebook” and potentially being exposed to “age-inappropriate content.”
“Meta’s own general conditions indicate their services are not intended for minors under 13,” pointed out Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy.
You might be interested
Industry-wide challenge
A Meta Spokesperson said the company disagrees with the preliminary findings and added “we have measures in place to detect and remove accounts from anyone under that age. We continue to invest in technologies to find and remove underage users and will have more to share next week about additional measures rolling out soon. Understanding age is an industry-wide challenge, which requires an industry-wide solution.”
It’s certainly the case that people can misrepresent how old they are to access apps by simply entering a false birth date. Many platforms have no effective controls in place to check the correctness of the self-declared date of birth.
One app to fix them all?
The Commission is simultaneously planning to fix this with its own age verification app.
Today, the Commission also adopted a recommendation urging Member States to accelerate the rollout of the EU app and make it available by the end of the year. The app, which is modelled on the Covid vaccine pass works as a standalone app or can be integrated into a European Digital Identity Wallet.
“Effective and privacy-preserving age verification is the next piece of the puzzle that we are getting closer to completing, as we work towards an online space where our children are safe and empowered to use positively and responsibly without restricting the rights of adults,” explained Virkkunen.
Meanwhile Meta can examine the Commission’s investigation files and mount a defence while in parallel, the European Board for Digital Services will be consulted. Meta could be fined up to $12 billion – 6% of the total worldwide annual turnover – if ultimately found to be in breach of the DSA. The Commission can also impose periodic penalty payments until such time as the problem is rectified.
The preliminary findings are based on an investigation that included an analysis of Instagram’s and Facebook’s own risk assessment reports as well as internal data and documents. The Commission will continue to investigate other potential breaches under the DSA including obligations to protect minors from any design interfaces that could exploit the vulnerabilities and inexperience of minors “leading to addictive behaviour and reinforcing the so-called rabbit hole effects.”
MEPs call for immediate consequences
Members of the European Parliament were quick to condemn Meta. Sandro Gozi (Renew/FR), who sits in the Parliament’s working group supervising the DSA, said: “Enough is enough. Meta disregarded readily available scientific evidence showing that younger children are particularly vulnerable to the harms of platforms like Instagram and Facebook. This isn’t negligence—it’s a business model. The DSA gives Europe the tools to act. We have to use them.”
Fellow Renew member, Stéphanie Yon-Courtin, added: “Calling out Meta’s breach of the Digital Services Act is not enough. A violation must trigger immediate consequences: action, sanctions and temporary suspension until full compliance. Protecting minors online is not optional. It is non-negotiable.”
