top of page

Instagram is being fined a record $401 million for violating children's privacy

In accordance with the General Data Protection Regulation, Instagram will be fined 405 million euros (U.S. $401 million) for failing to sufficiently secure the data of its underage users (GDPR).

The Irish Data Protection Commission (DPC), the main European data regulator for the social media juggernaut, will impose the highest fine it has ever imposed. It follows penalties of €17 million (then-U.S. $18.6 million) against Meta Ireland (previously Facebook Ireland) in March and €225 million (then-U.S. $267 million) against WhatsApp in September 2021 as the third fine in the last year against a subsidiary of Meta.

The Instagram fine will trail only a €746 million (U.S. $739 million) charge levied on Amazon in Luxembourg last year as the highest one imposed under the GDPR.

A representative for the Irish DPC confirmed in an email that the final judgment on the Instagram fine was made on Friday. The case's complete details are anticipated to be released the following week.

According to a Meta spokeswoman, the business plans to challenge the judgment.

The representative stated, "While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated. We’re continuing to carefully review the rest of the decision."

Despite the fact that the regulator said it previously had reservations about the way the platform processed data, the Irish DPC's investigation was launched in September 2020 as a result of information submitted by a third party. The investigation's purview included two different forms of processing done by Facebook Ireland.

The first problem stemmed from Facebook enabling users between the ages of 13 and 17 to run "business accounts" on Instagram, which in certain instances resulted in the public disclosure of their phone numbers and/or email addresses. The second problem was with the platform's user registration process, which by default set kid users' accounts to "public" and required a manual modification to alter to "private."

The Meta representative explained, "This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private. nyone under 18 automatically has their account set to private when they join Instagram so only people they know can see what they post, and adults can’t message teens who don’t follow them."

"This was a major breach that had significant safeguarding implications and the potential to cause real harm to children using Instagram," said Andy Burrows, head of child safety online policy at the National Society for the Prevention of Cruelty to Children in the U.K. "The ruling demonstrates how effective enforcement can protect children on social media and underlines how regulation is already making children safer online."

The Irish DPC is now looking at Meta across a number of platforms, including Facebook, Instagram, and WhatsApp. Legal and data privacy experts predict that the Irish watchdog's ruling in the issue involving Facebook and transatlantic data transfers will be the most notable one.



bottom of page