Instagram has been fined by Ireland’s Data Protection Commission for sharing the e-mail addresses and phone numbers of children who signed up to the service as a business or a creator. The DPC has hit the social media platform with a €405 million fine, making it the second largest ever for rule breaches.
Instagram had been automatically sharing the contact details of children if they were operating a business or creator account until last summer. It’s believed that this practice has impacted millions of children around the European Union, but no concrete figures have been provided by the DPC. By sharing children’s contact details, it meant they were contactable by adults.
In a statement, a Meta spokesperson said:
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private. Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them. We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision.”
There is nothing about the fine on the DPC’s website just yet, it’s planning to release the full details next week. Apparently, the only fine that has been issued by the DPC that is larger than this one is a €746 million fine issued to Amazon for processing data it shouldn’t have.
There could be more bad news for Meta coming from the DPC in the months ahead, as it said it had six other investigations related to Meta in the works. It hasn’t revealed what it’s looking into just yet, but it won’t be surprising if the fines are hefty.
Source: Politico via The Telegraph (Yahoo! Finance)