The Irish data protection authority DPC has fined Instagram 405 million euros. The brand of the tech giant Meta was accused of being too careless with the data of minors.

There are around 2 billion Instagram users worldwide (source). The social media platform is particularly popular with teenagers between the ages of 13 and 17. And it is precisely this age group that is allowed to operate a so-called “business account” on Instagram. This automatically publishes personal user data. A violation of existing data protection guidelines, according to the Irish data protection authority DPC – and imposes a record fine on Instagram.

Serious violations of data protection rules for minors

It is well known that minors need special protection on the Internet. But Instagram apparently didn’t take this very seriously. Teenagers between the ages of 13 and 17 were allowed to open a business account on the platform, the Irish data protection authority DPC announced. With serious consequences, because private data – such as email address and cell phone number – were automatically published due to the default settings. In addition, the accounts had been set to “public” by default, which meant that all content could be viewed by all users.

Meta has already been punished several times in Ireland

Such accusations are not new. As early as 2021, the DPC imposed a fine of 225 million euros on Meta subsidiary WhatsApp – also for data protection violations. This was followed in March 2022 by another fine of 17 million euros against the parent company. Now the record fine. 405 million euros Instagram must pay for the renewed data protection breach.

Parent company disagrees

Meta announced that it would appeal the decision. It had been a matter of outdated settings that had long since been revised. In addition, teen accounts are now set to “private” by default when joining, the company said in a statement. Courts will have to decide whether the record fine actually has to be paid in full.