Instagram Fined In Ireland For Violating Children's Privacy

Ireland's data protection authority has fined Instagram almost $400 million for mishandling children's data.

The Data Protection Commissioner's (DPC) decision follows concerns about the collection of children's data including phone numbers and email addresses. According to complaints, some children were able to upgrade to business accounts to access analytics tools such as profile visits, but did not know the new setting made more of their data visible to other users.

Meta, the social media giant that owns Instagram and Facebook, told the BBC it intends to appeal the decision.

"This inquiry focused on old settings that we updated over a year ago and we've since released many new features to help keep teens safe and their information private," a spokesperson said.

Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post and adults can't message teens who don't follow them.

"While we've engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it."

"We adopted our final decision last Friday and it does contain a fine of €405 million ($396.2 million)," Ireland's DPC states.

• California lawmakers approve online privacy law for kids. Which may turn websites into identity checkpoints
• Twitter, Meta kill hundreds of pro-Western troll accounts
• UK Parliament bins its TikTok account over China surveillance fears
• WhatsApp boss says no to AI filters policing encrypted chat

The authority's decision shows the sustained willingness to enforce European Union data protection law (GDPR) across the political and trading bloc.

In March, Meta received an $18.6 million fine from Ireland's DPC following its inquiry into 12 data breach notifications between 7 June 2018 and 4 December 2018.

In 2021, the Irish agency fined WhatsApp $222m in a case hinging on how WhatsApp acted on transparency obligations within data protection law for both users and non-users of WhatsApp's service. The messaging firm said it intended to appeal the decision, saying the fine was "entirely disproportionate."

Google and Facebook were fined $148 million and $59 million respectively by French watchdog Commission Nationale de l'Informatique et des Libertés (CNIL) for the position of a GUI button to permit immediate acceptance of cookies while not offering the user an equivalent to refuse them as easily.

Luxembourg's data authority fined Amazon a record $738 million in July last year for data privacy violations, although in December a judge suspended a court order requiring a daily $750,000 payment towards the fine. ®