The Irish data authority, Data Protection Commission (DPC), has fined Instagram’s owner Meta €405 million (£349 million) for allowing youngsters to create profiles that disclosed their phone numbers and email addresses to the public.
After a two-year inquiry into possible violations of the European Union’s general data protection regulation (GDPR), the DPC confirmed the penalty.
Users between the ages of 13 and 17 were permitted to operate business accounts on Instagram, which displayed their phone numbers and email addresses. The DPC also discovered that the platform featured a user registration process wherein accounts of 13 to 17-year-old users were automatically set to “public.”
The sum, which follows a €17 million sanction in March of this year and a €225 million penalty for “serious” and “severe” GDPR violations on WhatsApp, is the largest the watchdog has ever issued on Meta.
The fine is the second largest under GDPR after the €746m levied on Amazon in July 2021.