Ireland’s Data Protection Commission on Monday said it had fined Instagram a record 405 million euros ($402 million) for breaching regulations on the handling of children’s data.
“We adopted our final decision last Friday and it does contain a fine of 405 million euros,” the DPC said in a statement. Full details of the decision will be published next week, it added.
The DPC launched an investigation in late 2020 into concerns about how the image-sharing social media platform handles children’s personal data.
The probe centred on the “appropriateness” of Instagram profile and account settings for children, and the firm’s “responsibility to protect the data protection rights of children as vulnerable persons”.
It was conducted under the General Data Protection Regulation (GDPR) — the EU charter of data rights which came into effect in May 2018.
The GDPR gives data regulators the power to impose stiff fines for breaches.
As Instagram is owned by Meta, which has its European headquarters in Dublin, it falls to the DPC to enforce the regulations.
Last year, it fined WhatsApp, also owned by Meta, a then-record 225 million euros for breaking data protection rules.
Meta, which also owns Facebook, was in March slapped with a 17-million-euro fine for 12 data breaches.
There was no immediate response from Meta when contacted by AFP.
But a company spokesperson was quoted by Irish state broadcaster RTE as saying the Instagram inquiry “focused on old settings that we updated over a year ago”.
“We’ve since released many new features to help keep teens safe and their information private,” they added.
“Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.”
The company disagreed with how the fine was calculated and plans to appeal, they added. — Agence France-Presse