An Irish regulator found Meta, the parent company of Facebook, more than $400 million (£346 million) for violations of data privacy laws related to information about children on Instagram.
The Irish Data Protection Commission levied the fine against Meta for violations of the General Data Protection Regulation, or GDPR, earlier this month, Politico first reported. The privacy law was implemented in 2018 and gives special protection to children’s data linked to social media accounts, video games and other internet sites.
The New York Times added the Irish regulator first opened an investigation in 2020 amid reports Instagram made the accounts of users aged 13 and 17 public by default, as well as allowing teens with business accounts on the app to publicize their email addresses and phone numbers. Many of those business accounts were linked to aspiring influencers, the Times reported.
It’s the second-highest fine ever handed down under the GDPR, after a $742 million (£641.5 million) penalty against Amazon.
Meta said it had since updated its privacy settings and “released many new features to help keen teens safe and their information private.” It said it planned to appeal the decision.
“Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them,” the company told Politico in a statement. “We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision.”
It’s the third time Meta has faced fines in Ireland. The NY Times notes the social media behemoth has its European headquarters in the country, which requires Irish regulators to uphold the European Union’s GDPR standards.
The company was fined $223 million (£193 million) last year for violations on its messaging platform, WhatsApp, and another $17 million (£14.7 million) this March for data breaches.