Irish regulator slap Instagram with €405m fine for privacy failures

Instagram

Ireland’s Data Protection Commission has fined social media giant Instagram €405m for failures around handling personal information.

According to Security Week, an investigation found that the platform had mishandled teenagers’ personal information in violation with strict EU data privacy rules.

The publication noted that the penalty is the second biggest issued under the EU’s privacy rules, after Luxembourg’s regulators fined Amazon €746m last year.

Meta – Instagram’s parent company – said that while it had ‘engaged fully’ with regulators through the investigation, it disagrees with how the fine was calculated. The company added that it intends to appeal the decision.

The investigation entered on how Instagram displayed the personal details of users ages 13 to 17, including email addresses and phone numbers. The minimum age for Instagram users is 13.

Security Week highlighted that the investigation began after a data scientist found that users – including those under 18 – were switching to business accounts and had their contact information displayed on their profiles.

Users were apparently doing it to see statistics on how many likes their posts were receiving after Instagram started removing the feature from personal accounts in some countries to help with mental health.

Instagram said the inquiry focused on old settings’ that were updated more than a year ago, and it has since released new privacy features for teens, including automatically setting their accounts to private when they join.

Last year, the DPC hit WhatsApp with a $225m fine after it failed to disclose enough information to users about the data shared with other Facebook companies.

Copyright © 2022 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.