Social media giant Facebook – now called Meta – has been fined €406 million by Ireland’s Data Protection Commission (DPC) over its children’s privacy policies on Instagram.
According to Engadget, the company’s settings allegedly violated the EU’s GDPR regulations (General Data Protection Regulation). This is the largest fine ever levied by the DPC.
Last year the watchdog fined WhatsApp, which is also owned by Meta, €225m for breaking data protection rules. In March of this year, the DPC also fined meta €17m over similar data-related concerns.
This latest announcement comes after a 2-year-long investigation, launched in September 2020, into alleged privacy breaches relating to children’s data.
Reportedly, the company had allowed children between the ages of 13 and 17 to operate business accounts, which sometimes reportedly required the publication of the child’s phone number and/or email address.
It was also found that the accounts of children were set to “public” by default, allowing anyone to view the content posted, unless the user went out of their way to set it to “private” in the account settings.
“We adopted our final decision last Friday and it does contain a fine of €405 million,” said DPC Deputy Commissioner Graham Doyle, as reported by RTÉ.
“Full details of the decision will publish next week.”
Speaking to the State broadcaster, a Meta spokesperson issued a statement responding to the finding.
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private,” they said.
“Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.
“While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it. We’re continuing to carefully review the rest of the decision.”