A recent study by online security firm Surfshark has revealed that the major social media platforms, including Facebook, Instagram, TikTok, Whatsapp, and Twitter (now X), faced fines totaling over €2.9 billion (£2.5 billion) for data breaches since the enactment of the General Data Protection Regulation (GDPR) in the UK. Astonishingly, more than a quarter of these fines, amounting to €765 million, were specifically related to inadequate protection of children’s data.
TikTok, the popular short-form video platform, incurred three out of the 13 fines related to children’s data, totaling €360 million. Instagram, owned by Meta, received a hefty €405 million fine for setting up business accounts made by children to the public by default. These cases highlighted issues such as unclear privacy policies, default public settings, and insufficient enforcement of age restrictions.
Out of the top 10 social media platforms investigated, half-faced fines, with Meta’s products (Facebook, Instagram, Whatsapp) accumulating €2.6 billion in penalties. X received the lowest fine, while YouTube, Snapchat, Pinterest, Reddit, and LinkedIn did not incur any fines.
The data, sourced from the GDPR Enforcement Tracker, highlights the evolving regulatory landscape and the increasing emphasis on safeguarding children’s privacy in the digital realm.
Although YouTube did not receive any fines from the GDPR in the UK, research conducted in August has raised concerns about Google potentially tracking and targeting children with advertisements for adult products on YouTube through an AI-powered ad-targeting system.