Instagram has been fined a whopping 405 million euros ($402 million) by Ireland’s Data Protection Commission for mishandling teenagers’ personal data. The Irish data privacy regulator has fined the social media platform for violations of the European Union’s general data protection regulation (GDPR) by allowing teenagers to set up accounts that publicly displayed their phone numbers and email addresses.
The decision came following a two-year-long investigation that started in 2020 by the Data Protection Commission. The probe focused on young users between the ages of 13 and 17 who were allowed to operate business accounts, which showed the publication of the user’s phone number and/or email address. The agency also found that the platform had operated a user registration system whereby the accounts of 13-to-17-year-old users were set to “public” by default, according to The Guardian report.
Instagram fined 405 million euros
Instagram parent Meta, which also owns Facebook and WhatsApp, said that it plans to appeal against the fine, in an emailed statement to Reuters. The statement further said that Instagram updated its settings over a year ago and has since released new features to keep teens safe and their information private.
Meta is regulated by the Irish watchdog DPC on behalf of the entire EU because the company’s European headquarters are in Ireland. Under the Europen Union’s data privacy rules, the DPC is the lead regulator for many U.S. tech companies with European headquarters in Dublin.
“We adopted our final decision last Friday and it does contain a fine of €405m. Full details of the decision will be published next week,” a DPC spokesperson said adding that the full details of the decision will be published next week.
Back in September 2021, Meta was fined €225m for “severe” and “serious” infringements of GDPR on WhatsApp. This penalty is the highest penalty imposed on Meta and the second largest under GDPR, behind the €746m levied on Amazon in July 2021.