Instagram was punished by the Data Protection Commission in Ireland after it was found to have distributed the contact information of minors who had signed up for the service as businesses or creators. The DPC slapped the social media site with a €405 million fine, the second largest ever for rule violations.
The contact information of minors who ran Instagram accounts for businesses or creators was being routinely shared until the summer of last year. Though no official numbers have been released, the DPC believes that millions of youngsters across the European Union have been affected by this practice. The disclosure of children’s contact information made it possible for adults to get in touch with them.
As stated by a representative of Meta:
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private. Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them. We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision.”
The DPC has not yet posted any information regarding the fine on its website, but it expects to do so by the end of this week. The DPC’s largest sanction to date was €746 million, levied against Amazon for improperly handling personal data.
The DPC has stated that it is conducting six further investigations into allegations made against Meta, so the company may be in for more bad news in the coming months. Though it hasn’t said what it’s investigating just yet, significant fines are likely to result from whatever it finds.