A few days ago, it was reported that after a two-year investigation, the Irish Data Protection Commission (hereinafter referred to as the DPC) determined that the social platform Instagram set the accounts of minor users between the ages of 13 and 17 to public by default, and allowed commercial The disclosure of email addresses and phone numbers by underage users of the accounts violated the General Data Protection Regulation and imposed a fine of 405 million euros on its parent company Meta.
A DPC spokesperson confirmed the news. According to it, "We passed the final decision on Friday, which did contain a fine of 405 million euros. The full details of this decision will be announced next week."
The Meta side said, "This investigation focuses on the old settings that we have updated more than a year ago, and since then we have released many new features to help protect the safety of teens and the privacy of their information. Anyone under the age of 18 of people who join Instagram have their accounts automatically set to private, so only people they know can see what they post, and adults can’t message teens who don’t follow them.”
And Meta also revealed, "While we have been fully cooperating with the Irish Data Protection Commission throughout the investigation process, we disagree with how this fine was calculated and intend to appeal. We are continuing to carefully review the remainder of this decision. Part".
Previously, the DPC had launched more than a dozen investigations into Meta. For example, in September 2021, Meta’s instant messaging app WhatsApp was fined 225 million euros for violating the General Data Protection Regulation. It is reported that the fine of up to 405 million euros is the highest fine issued by the DPC to Meta so far, and it is also the second highest fine issued to a company under the General Data Protection Regulation, after the July 2021 fine. Amazon fined 746 million euros.
In fact, in April of this year, Meta said that it may be subject to a huge fine by the European Union due to data protection issues. In its earnings report for the first quarter of this year, the company said, "We believe that there is a reasonable possibility that the additional losses associated with these matters will be very large."
In response to the DPC's decision, Andy Burrows, head of online policy for child safety at the British Society for the Prevention of Cruelty to Children, said: "This is a serious breach involving minors using Instagram. significant safety implications and the potential to cause real harm. This ruling demonstrates how effective law enforcement can be in protecting minors on social media and highlights how regulation is already making minors safer online.”