2 min

Tags in this article

, , ,

The Irish data protection authority fined Meta with €405 million for GDPR violations on Instagram.

The fine is the result of an investigation launched by the Irish Data Protection Commission (DPC) in 2020. According to the regulator, Instagram breached the privacy of children.

Meta allegedly allowed children between the ages of 13 and 17 to open business accounts on Instagram. The settings of these business accounts allow the publication of users’ phone numbers and email addresses. This goes against the conditions of the GDPR, according to the Irish regulator. Further exact details of Meta’s fine will be published next week.

Lengthy process

Meta’s European headquarters are located in the Irish capital, Dublin. As such, the DPC is responsible for overseeing Meta’s activities in the entire European Union (EU).

The imposition of the sanction against Meta was not without controversy. The Irish regulator reportedly made a preliminary decision that wasn’t accepted by the EU’s other privacy watchdogs. The DPC then proceeded according to a new process, incorporating input from other member state regulators. This resulted in the final decision and imposition of a €405 million fine.

Meta to appeal

Meta has announced it will appeal the fine. According to Meta, the investigation was based on dated Instagram settings. Newer versions reportedly changed the settings to hide the contact information of users under the age of 18.

The DPC and Meta have been in disagreement for quite some time. Facebook and WhatsApp were fined twice this year. Both cases involved cybersecurity and privacy settings that allegedly violated the GDPR. High fines were imposed.

Tip: WhatsApp updates its privacy policy in the EU after a €225M fine