Irish regulators are fining Instagram a record-breaking amount of money over its mishandling of teenagers’ personal information on the platform.
Ireland’s Data Protection Commission (DPC) announced on Monday that it decided on issuing a fine against the Meta-owned social media company totaling 405 million euros, roughly $402 million, according to AP News.
Meta asserted in an email that it intends to appeal the ruling, stating, “we disagree with how this fine was calculated.”
At issue was the public accessibility of the personal information of Instagram users in Ireland aged 13 to 17 in 2020. Such information included things like telephone numbers and email addresses.
Instagram had made accounts for that age group public by default. It also allowed those users to create public-facing business accounts, which display contact information and even physical addresses.
The platform eventually rectified the matter. However, it seemingly had violated the European Union’s relatively stringent privacy law, the General Data Protection Regulation (GDPR), which governs how children’s personal data can be handled online. The law went into effect in May 2018.
The law was described by privacy, identity, and consent management group PRIVO as having “changed the privacy landscape” in Europe, “bringing the protection of personal data into sharp focus for industry and consumers.”
Still, even though the DPC found Instagram to have been in clear violation of the GDPR, the social media company protested, stating that the original inquiry into the matter looked into what amounted to “old settings” that had since been updated for more than a year from now.
“We’re continuing to carefully review the rest of the decision,” stated Instagram.
Instagram is not the only tech company to face scrutiny in Europe for violations of online data protection and privacy laws.
WhatsApp was fined $267 million in euros by the DPC in 2021 for running afoul of the GDPR.
For its part, Amazon holds the record for the biggest fine levied against a company for alleged breaches of European data protection laws, getting hit with a 636 million euro penalty.