A $402 million USD fine was imposed on Meta for violating the data privacy laws of the European Union in handling children’s data on Instagram. It’s the most recent step taken by regulators in Europe and the US to restrict how information about young people is gathered and shared online by businesses. The decision was made by Ireland’s Data Protection Commission (DPC).
According to the almost two-year-old DPC investigation, Instagram started enabling users between the ages of 13 and 17 to create business accounts, making their contact details available to the public. Users occasionally switch to corporate accounts because they get access to greater engagement analytics when they do so. Additionally, some young users’ Instagram profiles allegedly became public by default.
This fine is the third one the Irish regulator has imposed on a firm owned by Meta and also the second-highest fine imposed under the GDPR. The €746 million fine against Amazon continues to be the highest one.
With Instagram fined $402 million USD, Meta disagrees with the decision and plans to appeal. “Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them,” the company told the New York Times via email.
Companies are barred from utilizing specific data to customize advertising directed at people under the age of 18 under a new law called the Digital Services Act.
Meta told The Associated Press that Instagram has introduced new privacy protections for teens, including automatically switching their accounts to private when they sign up. Instagram claimed the investigation focused on “old settings” that were modified more than a year ago.
[Sources]: The New York Times: Meta Fined $400 Million for Treatment of Children’s Data on Instagram – [Archive]. The Associated Press: Irish watchdog fines Instagram 405M euros in teen data case – [Archive].