Meta is to pay a fine of 405 million euros for not protecting the personal data of underage users by its subsidiary Instagram. The Irish Data Protection Commission (DPC) confirmed this to various media.
The fine to Instagram comes after an investigation of almost two years carried out by the DPC. In October 2020, the Irish watchdog opened two investigations against the social network after learning that Instagram had exposed the contact details of millions of minors.
According to the allegations, Instagram is said to have allowed teen users between the ages of 13 and 17 to set up business accounts on the platform. The minors switched to such accounts in order to be able to see more data on the interactions of their posts. Instagram previously disabled these features for personal accounts in some countries. By switching to business accounts, the young people’s contact information was publicly accessible.
Meta said in a statement to Politico that now all users under the age of 18 have their accounts automatically set to “private” when they log into Instagram. As a result, even adults would not be able to send messages to young people who did not follow them.
The company told the AP news that “we disagree with how this fine was calculated and intend to appeal it.”
The fine against Instagram is one of the highest ever imposed under the GDPR. It clearly exceeds the sum of 225 million euros that Whatsapp was supposed to pay.