IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Instagram slapped with €405 million GDPR fine over breaches

The social media platform becomes the third Meta-owned company to be hit with privacy penalty

Instagram has been issued a fine totalling €405 million by the Irish Data Protection Commission (DPC) after the social media platform was found to have violated the General Data Protection Regulation (GDPR).

The decision means Instagram is now the third Meta-owned company to be fined by the Irish regulator for falling foul of the EU’s data rules.

The €405 million penalty is also the largest to be dished out to a Meta-owned business and the second biggest overall, after Luxembourg regulators fined Amazon €746m for GDPR-related breaches last year.

"We adopted our final decision last Friday and it does contain a fine of 405 million euros," the DPC confirmed in a statement, adding that full details will be published “next week”.

The complaint against Instagram focuses on the platform’s processing of children’s data. Back in 2020, the DPC began investigating a setting that allowed users aged between 13-17 to set up business accounts that publicly displayed their phone numbers and email addresses.

The watchdog found that the platform’s user registration system operated in such a way that new accounts would have contact details visibility set to “public” by default – unless the user actively selected “private”.

In a statement issued in response to the fine, Meta said it “engaged fully” with the DPC and is reviewing the outcome.

“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private," the spokesperson said. 

"Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.”

They added: “We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision.”

The Irish regulator oversees a host of technology behemoths that have their EU headquarters in Ireland - including Google, Apple, and Meta itself.

Related Resource

The trusted data centre and storage infrastructure

Invest in infrastructure modernisation to drive improved outcomes

Whitepaper cover with image of female sat on floor with laptop on her knee leaning against a serverFree Download

The firm’s Instagram breach is not the first time it has been issued a fine from the DPC, which acts in accordance with data privacy rules introduced by the EU back in 2018.

Last year, messaging platform WhatsApp was slapped with a €225 million penalty relating to its lack of transparency in how it shared user data with sister platform Facebook. The service was found to have violated Article 14 of GDPR, which states that data controllers must provide data subjects with sufficient information regarding how their data is collected and processed.

Back in March of this year, Facebook itself was also fined €17 million for a series of 12 GDPR breaches that took place between 7 June 2018 and 4 December 2018.

Featured Resources

Big data for finance

How to leverage big data analytics and AI in the finance sector

Free Download

Ten critical factors for cloud analytics success

Cloud-native, intelligent, and automated data management strategies to accelerate time to value and ROI

Free Download

Remove barriers and reconnect with your customers

The $260 billion dollar friction problem businesses don't know they have

Free Download

The future of work is already here. Now’s the time to secure it.

Robust security to protect and enable your business

Free Download

Most Popular

How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
Cloud and cyber security certifications remain highest paying for IT professionals
Careers & training

Cloud and cyber security certifications remain highest paying for IT professionals

29 Sep 2022