Increasingly, facts and figures about the negative effects of social media are being reported in the press. Recent statistics have shown that three-quarters of children aged 10-12 already have social media accounts, and that the amount of time children aged 12-15 spend online has more than doubled in a decade. Just last week, the Children’s Commissioner announced that schools should be playing a bigger role in preparing children for social media’s “emotional demands”. Such reports are understandably very concerning, and raise questions about the morality of social media giants benefiting at the expense of the emotional wellbeing of children. However, thought should also be given to the legal aspect of these relationships, and in particular, the terms and conditions that children are signing up to when creating social media accounts.
Can social media companies legally contract with children?
Under English law, a child (a ‘minor’) is anyone under the age of 18. The law creates a presumption that children under the age of 7 do not have capacity to enter into a contract. Between the ages of 7-18, a minor can enter into a contract, but the law will presume that the minor cannot understand it. For this reason, contracts with minors are generally voidable (non-binding) at the minor’s option, unless an exception applies (such as an apprenticeship contract, a contract for the ‘necessaries of life’ such as food, clothing, medicine and accommodation, and other service contracts that are to the child’s benefit, such as education). None of those exceptions could be said to apply to social media contracts, meaning that if you’re under the age of 18 and creating a social media account, you are not legally bound by the terms and conditions attached to it, if they are governed by English law.
When creating a new account with Snapchat (which, at the time of writing, has terms and conditions governed under English law for users based outside the USA), users are asked to verify that they are aged 13 or over. Given that contracts entered into by minors between the ages of 7-18 are voidable, the stipulated minimum age of 13 is in fact irrelevant in terms of Snapchat’s right to enforce the terms governing any such account.
Unfortunately, the situation is less clear cut when the terms and conditions of the social media platform are governed under the laws of jurisdictions other than England. At the time of writing, Facebook and WhatsApp’s terms incorporate a minimum age requirement for users of 13, but are governed under the laws of California, where the laws may differ from those of England as to whether contracts with minors can be enforced.
Unsurprisingly, increasing the numbers of their teenage users appears more important to social network companies than the ability to enforce their terms against those users. However, irrespective of enforceability, terms and conditions contain important practical information setting out the ways in which social media platforms are making use of users’ data on a daily basis. But if a minor (or an adult) ever read those terms, would they understand them?
Simplified terms and conditions
As we all know, terms and conditions are often very lengthy and complex. For example, BBC News recently noted that Instagram’s current terms and conditions are made up of approximately 5,000 words, and include references to terms such as “fiduciary”, “indemnification”, “strict liability” and “consequential damages”. But how many minors (or adults) actually know what these words mean? And how likely is it that a minor (or adult) would have any inclination to read a 5,000-word document filled with legal jargon? Unsurprisingly, the vast majority of minors have no interest in reading these terms and conditions before signing on the (online) dotted line. Certain social media platforms may also struggle to enforce such terms against their adult users, given that, under English law, provisions which are not expressed in 'plain English’ are likely to be considered unfair and unenforceable against consumers.
For minors (and adults) wanting to hook into the social media frenzy, the Children’s Commissioner recently published a set of ‘simplified’ terms and conditions in relation to several major social media platforms. Unfortunately, these are only guidelines for the moment, and there are currently no plans for social media companies to adopt similar terms.
However, the simplified terms reveal a number of particularly eye-opening details about the ways in which minors’ data is used by social media platforms, including:
- Snapchat can send information about you to other people in your phonebook.
- Instagram can keep information it has gathered about you, even once you’ve deleted your account, for “as long as is reasonable”.
- Facebook can use your name, profile pictures, information about what you ‘like’ and anything you post to make money. Facebook does not have to pay you for using this information.
- Facebook can store and keep your photos or videos, even once you have deleted them.
Simplified and more transparent terms and conditions would, at the very least, give users an opportunity to fully understand how their data is being used by social media platforms. Let’s hope these social media platforms (and their lawyers) take note.
If you need help drafting, reviewing or understanding the implications of any commercial contractual documents, please contact a member of Kingsley Napley’s Corporate & Commercial team, details of whom can be found here. Kingsley Napley also has a specialist data protection team, who can assist with any data protection related queries you might have. Details of the data protection team can be found here.
Latest blogs and news
Court of Appeal clarifies data protection claims for non-material damage: A win for claimants - But what are the implications for controllers and processors?
The Court of Appeal has recently handed down an important decision in respect of data protection law considerations in Farley & Others v Paymaster (trading as Equiniti) [2025] EWCA Civ 1117, providing clarity on the scope of infringement and compensation data protection claims under the UK GDPR and Data Protection Act 2018 (“DPA”). The judgment will be of particular interest to any service provider dealing with and processing large volumes of customer personal data.
Three Cautionary Tales for UK Tech Companies
In tech, the law often arrives after something has gone wrong. Here are three cautionary tales* and the lessons every founder, CTO and in-house counsel should take away.
Top five takeaways from the Data (Use and Access) Act 2025
The Data (Use and Access) Act 2025 (the “DUAA”), which received Royal Assent on 19 June 2025, introduces targeted reforms to the UK data protection legal framework — particularly the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (“PECR”).
A game changer for data processors? The ICO issues a significant fine against a processor
The recent cyberattacks on major UK retailers have put cybersecurity back in the spotlight. But a more significant development for data protection practitioners has been flying under the radar: the Information Commissioner’s Office (ICO) has issued a notable fine directly against a data processor for breaching UK GDPR security obligations - an important shift in enforcement focus.
Key takeaways: What recent consumer law reforms mean for service providers
On 6 April 2025, the first wave of consumer protection provisions under the Digital Markets, Competition and Consumers Act 2024 (“DMCC Act”) came into force, marking the most significant overhaul of UK consumer protection law in over a decade.
Boosting cybersecurity: New Software Security Code of Practice for software vendors
In the wake of recent high-profile cyber-attacks on major retailers like Marks & Spencer and Co-op, the UK government has launched a new voluntary Code of Practice for software vendors at its flagship cyber security event, CyberUK 2025. This initiative sets a dynamic baseline for software security and resilience, aiming to help prevent such breaches in the future.
Ofcom’s new draft guidance for ‘a safer life online for women and girls’ as part of its OSA consultation process
The Office of Communications, commonly known as ‘Ofcom’ (the regulator for communication services) is calling on tech firms to make ‘the online world safer for women and girls’.
Reflections from an Exclusive Roundtable at The Ivy: Top 10 Takeaways on AI Regulation
Last week, I had the pleasure of hosting an insightful roundtable dinner at The Ivy in Covent Garden, London, bringing together thought leaders, industry experts, and business owners to discuss one of the most pressing topics of our time - AI regulation. Co-hosted by the brilliant Fred Becker, CAO of Unlikely AI, the conversation was rich with diverse perspectives, practical concerns and strategic insights.
EU Data Act: Are your SaaS contracts ready for September?
The EU Data Act is set to reshape the data landscape, and while its full impact will unfold over time, some key provisions are coming into effect this September that SaaS providers need to be aware of now. Specifically, we're talking about the rules around data switching, and how they'll likely require you to update your standard terms and existing customer agreements.
The UK-US Data Bridge: A Shift in Transatlantic Data Sharing
On 12 October 2023, the UK-US Data Bridge (the “Data Bridge”) came into force, transforming the way both nations handle the flow of information across their borders. In this blog we explore the position before and after the introduction of the Data Bridge, looking at the key implications, benefits and challenges associated with the transatlantic data-sharing initiative.
Is your online business caught by the Online Safety Act?
The Online Safety Bill recently received Royal Assent and became law in October this year (the “Act”), at which point the Office of Communications (“Ofcom”) was granted broad powers to regulate online service providers. Essential detail concerning the legislative framework within the Act will be disclosed in the course of consultation and stakeholder engagement concerning the secondary legislation, codes of practice and guidance which will underpin the Act.
SVB’s rescue is an unexpected credibility boost for the UK Science and Technology Framework
The rescue of SVB showed that the UK government not only acted decisively in relation to a critical sector for the UK economy, but in the process showed that its newest policy Framework can involve meaningful action as well as words
Software support helpdesk services – key contracting principles
In our recent blog, we explored why a Framework Agreement structure is typically the most appropriate customer contracting model for IT managed services providers (“MSPs”) and IT consultancies which offer a diverse product and service offering. Whilst our initial blog focussed on the purpose and terms of the Framework Agreement itself, that document is merely the starting point, given that a Work Order is also needed to document specific terms relating to each product or service offered by an MSP or IT consultancy. A typical service offering is a dedicated software support helpdesk, usually provided to support each of the software products offered by the MSP or IT consultancy to its customers. This blog considers a handful of the key issues to bear in mind when documenting the terms of a Work Order relating to the supply of a software support helpdesk service.
Framework Agreements: the customer contract model for technology service providers
Many businesses lack comprehensive in-house IT expertise and resources to fully implement and manage all of their IT infrastructure requirements. IT managed services providers (“MSPs”) and IT consultancies plug the gaps by typically offering a diverse range of IT services and products to lighten the burden on their customers’ in-house IT teams (or to even remove the need to have an in-house IT team).
Data: A New Direction - Unleashing the transformational power AI?
In this blog series, we will review the key proposals for reform of data protection law within the Government’s consultation paper ‘Data: A New Direction’. We will consider how far the Government will stray from the current path and signpost some potential pitfalls and practicalities for consideration along the way.
The new cookie conundrum
Potential reforms to UK data privacy laws will change the way that cookies work on websites - businesses need to prepare now.
Lifecycle of a tech startup series: Preparing to raise investment
In the last instalment we talked about the ways in which the founders of KNow Wear Limited could protect the intellectual property in their business. Since then, the business has been progressing well and our founders have been working on developing a prototype.
Lifecycle of a tech startup series: Intellectual Property
In our last instalment our founders, Sarah and Chris, considered the basics in establishing their tech startup and they incorporated a company under the registered name ‘KNow Wear Limited’.
How the tech sector can make the most of the UK’s new immigration rules
Many companies in the tech sector will be aware of the new immigration system and Skilled Worker category opening in a couple of weeks on 1 December. For those companies without a sponsor licence, they will need to apply for one in order to recruit both non-EU and EU citizens. EU citizens resident in the UK before 11pm on 31 December 2020 can apply to the EU Settlement Scheme.
Lifecycle of a tech startup series: The basics
Welcome back to the blog series covering the lifecycle of a tech startup, from a legal perspective.
You may also be interested in:
We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.
You may also be interested in:
Blog
Kingsley Napley’s Medical Negligence Team ‘walks together’ with the Dame Vera Lynn Children’s Charity
Sharon Burkill
Blog
A New Era of Football Regulation - The Independent Football Regulator
Natalie Cohen
Share insightLinkedIn X Facebook Email to a friend Print