A record fine of €405 million has been imposed on Instagram by the Data Protection Commission (DPC) after finding that it processed children’s personal data on the social media platform in contravention of data protection regulations in Europe.
Violated Data Protection Rules
Following a two-year investigation that was launched in October of 2020, Irish regulators have concluded that Instagram violated European data protection rules under the General Data Protection Regulation (GDPR).
As part of the investigation, the first of two inquiries focused on the legal bases for the processing of children’s personal data by Meta, Instagram’s parent company. The second inquiry was focused on the default account settings of Instagram profiles of children aged between 13 to 17, which were automatically set to public and could be viewed by anyone.
The fine of €405 million will surpass the record set by the DPC last September when WhatsApp, also owned by Meta, was ordered to pay a €225 million fine for violations in relation to cross-border data protection infringements under GDPR.
Meta to Appeal Decision
In planning to appeal the DPC decision, Meta said that it disagreed with the verdict, stating that the inquiries were based on outdated settings that were updated over a year ago.
“Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them,” Meta said in an emailed statement.
Further details of the DPC’s decision are expected to be published next week.
*In contentious business, a solicitor may not calculate fees or other charges as a percentage or proportion of any award or settlement.*