Ireland is not fucking around with Meta. The Irish Data Protection Commission has fined the social media platform Instagram €405 million over its alleged mishandling of data from business accounts run by 13 to 17 year olds.
Instagram was just served a hefty fine of €405 million from the Irish Data Protection Center over its alleged mishandling of children’s data—that’s a little over $400 million. According to BBC News, the fine is more specifically in response to Instagram violating the General Data Protection Regulation with their handling of business accounts. Users may switch to these accounts (even if they don’t run a business) in order to access metrics like how many profile visits they’ve received and how many times one of their posts was shared. In switching to a business account, user data like email addresses and phone numbers was made more public.
“This inquiry focused on old settings that we updated over a year ago and we’ve since released many new features to help keep teens safe and their information private,” Instagram parent company Meta said to BBC News. “Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post and adults can’t message teens who don’t follow them.”
Meta plans to appeal the fine, which is the result of an investigation that began in 2020. This is unsurprisingly not the first time the Irish Data Protection Commission has fined Meta subsidiaries. Politico reported in September 2021 that WhatsApp was fined €225 million over its lack of transparency surrounding how it uses people’s personal information. Likewise, Meta itself was fined a meager €17 million in March 2022 for data breaches in 2018.
As social media platforms continue to integrate themselves into our world’s digital infrastructure, fines like these and bodies like the Irish Data Protection Committee are crucial to ensure that these platforms remain on their best behavior.