The Data Protection Commissioner (DPC), an independent national authority in Ireland tasked with defending individuals’ basic rights to privacy and other online freedoms under the GDPR rule, will impose a sizeable punishment on Instagram. More than $400 million must be paid by Meta’s social network for how it handled young users’ data up until last summer.
The EU privacy regulator has confirmed the decision, which was not yet reflected in the news & media section of the DPC website at the time of writing. The sizable fine — one of the largest ever levied by the Irish authority — follows a thorough investigation that began in 2020 regarding how the social network handled the data of its youngest users, those between the ages of 13 and 17. These users were among the network’s 13 to 17-year-old users.
Investigators from the DPC said that Instagram enabled young users to manage “business” or creator accounts, making it easier to publish and exchange contact information with strangers and adults. Even though the DPC hasn’t provided specific numbers beyond the €405 million punishment, millions of European youngsters may be at risk. A DPC official said that complete information regarding the choice should be available by next week.
Automatic data sharing for kid accounts is a problem that Meta addressed about a year ago; according to Instagram’s parent company, the DPC’s investigation focuses on an outdated setting that ignores current updates. According to a Meta representative, “anyone under 18 immediately gets their account set to private when they join Instagram,” meaning only individuals they know can view the content they post and adults cannot message kids who are not following them.
To read our blog on “Instagram disagrees sharing your location information with followers,” click here.
