Instagram has been fined 405 million euros, or about $402 million, for its handling of children’s data.
The fine, the second largest ever awarded to a company for GDPR failures, comes via the Irish Data Protection Commission and was first reported by Politico. The fine also became the largest ever levied for a Meta-owned company and was handed over for Instagram’s misuse of children’s data including email addresses and phone numbers.
In a statement provided to Politico, Meta said the Irish investigation and subsequent fine was based on settings that had not been part of the Instagram app for over a year. A Meta spokesperson told Politico: “This inquiry focused on older settings that we updated over a year ago, and we’ve since launched several new features to help keep teens safe and their information private.” to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens they don’t follow. We have fully engaged with the DPC throughout the inquiry period, and are carefully reviewing their final decision.”
The same complaint relates to how children’s information is handled by business accounts on Instagram, with a survey finding that some accounts were set to “public” by default, TechCrunch reports.
It remains to be seen what happens next, but despite the statement, this isn’t a good look for Instagram or Meta – two companies that continue to be squeezed by privacy and luxury issues, especially with regard to teens.
However, Instagram is correct in saying that it has taken steps to protect children and their data. It’s already added more robust time limits that parents can control, while people can also prevent sensitive content from being pushed to their feeds. Adults can also no longer send direct messages to people under the age of 18 except in certain circumstances as well.