Meta Slapped With $400 Million Fine Over Children’s Data Bungle on Instagram

Ireland’s data watchdog fined Meta $402 million (€405 million) in a long-running investigation that found Instagram allegedly violated the European Union’s data privacy laws protecting children’s privacy online. The fine is the second largest to date under the General Data Protection Regulation levied by the Irish Data Protection Commission (DPC) against big tech. Top line Instagram has been penalized for allegedly letting children operate a business account on its platform, an account type that exposes the account holder’s email address and phone number. Politico first reported this fine. The DPC also found the accounts of children aged 13 to 17 years were set to “public” as their default setting. What to Know About the EU’s Latest Big Tech Policing Law Meta disagrees with this decision and will appeal the calculation of the fine. A Meta spokesperson told Adweek the inquiry is focused on old settings which the company updated over a year ago. Instagram’s latest setting automatically has accounts of anyone under 18 set to private when they join Instagram. Adults can’t message teens who don’t follow their accounts, Meta added. Over the last year, Meta has also released many new features that help keep teens safe and their information private. Due to its latest update, Instagram now notifies teens who have previously created business or creator accounts telling them that showing their contact information is now optional and can be removed. The ability for people to tag or mention teens who don’t follow them is now off by default, and people under 16 will default into the "Less" setting of Meta’s Sensitive Content Control when they join Instagram, making it even more difficult for them to come across potentially sensitive content or accounts. Between the lines Ireland, the European headquarters of Meta, has been criticized by privacy advocates for not being more aggressive in enforcing the GDPR rules. Last year, the tech giant was fined €225 million for violations related to its WhatsApp service. This March, Meta was fined €17 million over a data breach. Ireland has 37 more privacy-related cases concerning big tech, per The Wall Street Journal. European policymakers are taking the privacy of children online more seriously. The Digital Service Act, passed this year, limits how big tech can collect data while banning ads targeted at children under 18 years based on sensitive data. On this side of the Atlantic, Biden has flagged the importance of protecting children on social media while holding big tech accountable. Policymakers are not far behind, especially in California, which advanced a bill last week that would improve children’s safety online and cost companies violations up to $7,500. Britain passed a similar law, called the Age-Appropriate Design Code, last year. In a separate case, Irish regulators have threatened to shut down Meta’s services in the EU in a draft decision to European regulators, for sending people’s data from EU to the U.S. This issue stems from a court case over European people's data access by the American government. Bottom line The Irish authorities will release further decisions about Instagram’s current violations later next week. Meta’s decision to appeal could end up in a lengthy legal process. In the past, the company settled $90 million in a decade-long lawsuit.