Parent company Meta has been fined $402 million (€403,614,030) by the Irish Data Protection Commission (DPC) for its management of children’s privacy settings on Instagram. In doing so, it would have violated the European General Data Protection Regulation (GDPR).
This fine is, according to Politico reports, the second largest fine imposed by European GDPR laws. According to Politico, the highest fine at the moment is the 746 million euro fine against Amazon. For Meta, this is the third and also the largest fine it has received from the regulator to date.
Why this fine exactly?
A DPC spokesperson confirmed the news and said we will have more details next week. In fact, the fine follows an investigation into Instagram by the DPC regarding the photo-sharing app’s privacy settings on accounts run by children.
Following the investigation, the DPC discovered that personal data such as email addresses and telephone numbers were made public. But the investigation also uncovered Instagram’s policy of making all new accounts, including teens, publicly visible by default.
In a statement, a company spokesperson explained to Politico. He said the investigation conducted by the DPC was based on the old parameters. However, these were updated more than a year ago. He also assured that since then they have released several features dedicated to helping keep teens safe and their every piece of information private.
Additionally, the spokesperson said that anyone under the age of 18 has their account set to private when they join Instagram automatically. So only people they know have access to what they post, and only adults who follow them can message them. He added that Meta cooperated fully with the DPC during its investigation and is carefully considering its final decision. Engadget says Meta can still appeal the decision.