Instagram Fined a Record $400 Million for Mishandling Children’s Data

Instagram’s parent company Meta has been fined €405 million for mishandling teenagers’ data. The decision and fine were finalized by Ireland’s Data Protection Commission (DPC) after an investigation into the company’s data handling practices.

The DPC’s decision came in on Friday last week, with a promise to share “full details” this week. The investigation had originally started two years ago and focused on two ways in which the social network had breached General Data Protection Regulation (GDPR) rules.

The first breach was caused by Instagram allowing young users aged between 13 and 17 to set up business accounts on the platform, which made their information publicly available. Instagram also made some young users’ profiles public by default.

Meta has said in a statement that it already updated its profile settings for Instagram last year so that anyone under 18 automatically has their account set to private. Content on a private account cannot be seen by anyone unless you specifically allow it, and adults can’t message teens who don’t follow them. Meta has said that “we disagree with how this fine was calculated and intend to appeal it.”

This is the third and largest fine the DPC has imposed on Meta. The second-largest fine (about $267 million at the time) was imposed last year when DPC found that WhatsApp did not properly inform users about its data collection practices, particularly how it shared the data with Meta. WhatsApp was ordered to update its privacy policy, and the company planned to appeal.

WhatsApp’s privacy policy issue turned into a massive controversy last year with millions of people switching to other messaging apps such as Telegram, Discord, Signal, and others. Telegram reported record growth in its user base during that time.

There was also a much smaller fine earlier this year worth $18.6 million. It involved Meta’s bad record keeping around security breaches.



close
>