Instagram’s parent company Meta has been fined €405 million for mishandling teenagers’ data. The decision and fine were finalized by Ireland’s Data Protection Commission (DPC) after an investigation into the company’s data handling practices.
The DPC’s decision came in on Friday last week, with a promise to share “full details” this week. The investigation had originally started two years ago and focused on two ways in which the social network had breached General Data Protection Regulation (GDPR) rules.
The first breach was caused by Instagram allowing young users aged between 13 and 17 to set up business accounts on the platform, which made their information publicly available. Instagram also made some young users’ profiles public by default.
Meta has said in a statement that it already updated its profile settings for Instagram last year so that anyone under 18 automatically has their account set to private. Content on a private account cannot be seen by anyone unless you specifically allow it, and adults can’t message teens who don’t follow them. Meta has said that “we disagree with how this fine was calculated and intend to appeal it.”
There was also a much smaller fine earlier this year worth $18.6 million. It involved Meta’s bad record keeping around security breaches.