Popular social media platform Instagram was fined a record of €405 million ($402 million) by Ireland’s Data Protection Commission (DPC) for mishandling children’s data.
The data privacy watchdog first launched the investigation back in 2020, focusing on users aged 13-17 and running business accounts on IG, which could lead to their phone numbers and email addresses to be published publicly. When a user runs a business account, Instagram provides them with more detailed insights into their posts and audience, and this is a major factor for many users to switch to business accounts.
A spokesperson for the regulator confirmed the penalty and its amount, saying: “We adopted our final decision last Friday and it does contain a fine of 405 million euro.” He added that more details will be announced next week.
A spokesperson for Meta, the parent company of Instagram, said that they don’t agree with the decision and will appeal against the penalty.
Instagram has been adding new tools and features for a while to make its platform safer for teen users. Last year, the company banned adults from sending DMs to users under 18 and began defaulting users under 16 into private accounts. Earlier this year, it launched new parental control tools and updated its Sensitive Content Control feature to minimize the number of sensitive content teen users may encounter on the platform.
Also Read: The 6 Best Parental Control Apps for iPhone
The new penalty is the largest GDPR penalty Meta has been fined so far. Last year, the DPC fined WhatsApp $266 million over its data sharing practices with its parent Meta and other Meta companies.
However, it’s not the highest GDPR penalty a tech company has received so far, that belongs to Amazon which was fined $888 million last year for violating data protection rules.