Irish regulators fine Instagram €405 million for violating children’s data privacy


The Irish watchdog has fined Instagram owner Meta a record €405 million ($403,8 million) for allowing children to set up accounts that publicized their emails and phone numbers.

Ireland’s Data Protection Commission (DPC) undertook a two-year-long investigation into Instagram’s practices, researching claims of the potential European Union’s general data protection regulation (GDPR) violations. The DPC regulates Meta on behalf of the EU.

The investigation covered complaints of Instagram’s default settings, which make accounts of all users, including those below 18, public, as well as the specifics of business accounts, which publicize personal information of minors. Users between 13 and 17 were allowed to create business profiles, which exposed their phone numbers and email addresses.

ADVERTISEMENT

"We adopted our final decision last Friday and it does contain a fine of €405m," Ireland's Data Protection Commissioner (DPC) commented.

Instagram responded to the decision, arguing that it had already updated its settings, with the fine relating to a year-old scenario. The company said that teenagers’ accounts had been set to “private” by default since July last year. It is hence planning to appeal.

“While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it. We’re continuing to carefully review the rest of the decision,” Instagram told BBC news.

This is the third fine issued to Meta – also the owner of Facebook and WhatsApp – by the regulator and the largest the DPC has ever given for a breach of the European Union's General Data Protection Regulation. Last year, the DPC fined WhatsApp €225 million ($224 million) for violating privacy laws, with another fine worth €17 million ($16,9 million) issued to Facebook.