The Data Protection Commission (DPC), the Irish supervisory authority for the General Data Protection Regulation (GDPR) has fined €405 million to Meta-owned Instagram for sharing children's data including emails and phone numbers.
Between the ages of 13 and 17, Instagram users were permitted to create business profiles that included their contact information, including phone numbers and email addresses. Additionally, the DPC discovered that the platform featured a user registration process wherein accounts of users between the ages of 13 and 17 were automatically set to "public."
Millions of children across the European Union have been impacted by this practice, however, the DPC has not released specific numbers.
The sanction, which follows a €17 million fine in March of this year and a €225 million penalty for "serious" and "severe" GDPR violations on WhatsApp, is the largest the watchdog has ever issued on Meta.
In the statement, MeSpokespersonson said-
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private. Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them. We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision.”
Furthermore, Meta may be in for more bad news given that the Irish DPC has at least six additional inquiries into businesses that are owned by Meta on the horizon.