Ireland has fined Instagram a record $403 million for alleged mishandling of teens’ data.
“We adopted our final decision last Friday and it does contain a fine of 405 million (euros),” Graham Doyle, deputy commissioner with the Irish Data Protection Commission, told The Post, adding that full details will be announced next week.
The decision by Ireland’s data privacy watchdog came after a two-year investigation into Instagram’s “business accounts,” which give users more advanced metrics for tracking views and likes but before 2019 were prone to publishing users’ phone numbers and email addresses under default settings.
Instagram’s minimum age for users is 13.
A 2019 study by data analyst David Stier found that more than 60 million Instagram users under the age of 18 were given the chance to change their personal accounts into business accounts.
And many did so, partly motivated by access to metrics such as how many people had visited a profile and views for individual posts.
But the underage users could be unaware that their contact information was exposed by default.
Instagram “engaged fully” with the regulator throughout the investigation but disagreed with how the penalty was calculated, a spokesperson for its parent company, Meta Platforms, said in an emailed statement.
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private,” the statement said.
The inquiry into Instagram, conducted under E.U. privacy rules introduced in 2018, is one of several investigations by Data Protection Commissioner Helen Dixon’s office into Meta companies.
Meta’s WhatsApp unit was fined 225 million euros last year, while Facebook was fined 17 million euros in March, meaning the Instagram fine brings Ireland’s total penalties against the company over data and privacy issues to 647 million euros in the past two years.
The latest penalty is the most Ireland has fined any company over data privacy, and the second-highest related fine in the E.U. after Luxembourg’s regulators fined Amazon 746 million euros last year.
Data regulators in several other E.U. countries initially objected to Ireland’s proposals to penalize Instagram, but they managed to agree on the ruling as part of a Pan-European enforcement model, which authorizes data regulators to impose stiff fines for breaches.
The Irish regulator supervises a number of multinational tech giants, including Apple, Google, Meta and other companies that have their E.U. headquarters in Ireland.
Local journalism is essential.
Give directly to The Spokesman-Review's Northwest Passages community forums series -- which helps to offset the costs of several reporter and editor positions at the newspaper -- by using the easy options below. Gifts processed in this system are not tax deductible, but are predominately used to help meet the local financial requirements needed to receive national matching-grant funds.
Subscribe now to get breaking news alerts in your email inbox
Get breaking news delivered to your inbox as it happens.