Instagram Fined €405 Million Over Children’s Data Breach

Irish regulators fined Instagram €405 for violating children’s data privacy, specifically email addresses and phone numbers. This fine is the regulator’s third against Meta, Instagram’s owner. Instagram currently has over a billion monthly active users.

The Data Protection Commissioner of Ireland calculated the long-running complaint to be at such an amount. While Meta cooperated fully with the DPC throughout the investigation, they disagreed with how the fine was calculated. Therefore, they are planning to appeal the decision.

According to a Meta official, DPC’s investigation focused on Instagram’s old settings that they updated more than a year ago. In addition, Instagram has since released many new features to keep children safe and their information private.

When teenagers under 18 join Instagram, their account is auto-set to private, so only their followers can see their posts. Furthermore, adults can’t message children who don’t follow them.                                                                                                                               

However, some children allegedly upgraded to business accounts to access analytics tools like profile visits, not realizing that they made their data more public.

Andy Burrows, head of child-safety-online policy at the National Society for the Prevention of Cruelty to Children (NSPCC), said that Instagram violating data privacy is a major breach that could potentially harm children using the said platform.

According to him, the ruling demonstrates the effectiveness of enforcement in protecting kids on social media and that such regulations make children safe online. 

Notably, this is the largest fine for a breach of the European Union’s General Data Protection Regulation. It fined WhatsApp €225 million last year. However, Meta continues to review DPC’s decision on Instagram carefully.