The Irish Data Protection Commission (DPC) has fined Meta's Instagram €405 million for children's privacy violations under the EU General Data Protection Regulation (GDPR). The second largest fine handed down under the GDPR covers alleged violations stemming from Instagram's default account settings for children aged between 13-17. The settings exposed the email addresses and phone numbers of children associated with the accounts. The investigation into the allegations began in October 2020 and the preliminary decision by the DPC was subject to a dispute resolution procedure under Article 65 of the GDPR in July this year. A spokesperson for Meta said the fine relates to "old settings that we updated over a year ago", and the company is "carefully reviewing their final decision."
The news was also reported in the Financial Times (£), Politico, BBC News, TechCrunch, and Reuters.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.