Instagram is fined €405 MILLION by Irish data watchdog for letting teenagers set up accounts that publicly displayed their phone numbers and email addresses
- Instagram let teenagers aged 13-17 operate business accounts on the platform
- These accounts showed information including phone number and email address
- Mark Zuckerberg’s Meta, which owns Instagram, intends to contest the fine
Irish regulators are fining Instagram €405 million (£348 million) after the platform mishandled teenagers’ personal information in violation of EU data privacy rules.
Meta’s photo-sharing app let teens set up business accounts that publicly displayed their phone numbers and email addresses, says Ireland’s Data Protection Commission.
This was in breach of the EU’s general data protection regulation (GDPR), described as the toughest privacy and security law in the world.
The penalty is the second-biggest issued under the EU’s stringent privacy rules, after Luxembourg’s regulators fined Amazon €746 million last year.
Ireland’s Data Protection Commission said it made a final decision on Friday to fine the company 405 million euros ($402 million) for mishandling teenagers’ personal data
WHAT IS GDPR?
General Data Protection Regulation (GDPR) is a data protection law that entered into force on May 25, 2018.
It aims to strengthen and unify data protection for all individuals within the European Union (EU).
This means cracking down on how companies like Facebook use and sell the data they collect on their users.
Under GDPR, companies are required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
Mark Zuckerberg’s company Meta owns Instagram, as well as Facebook, WhatsApp and a host of other platforms.
In a statement, Meta said that while it had ‘engaged fully’ with regulators throughout the investigation, ‘we disagree with how this fine was calculated and intend to appeal it’.
Andy Burrows, Head of Child Safety Online Policy at NSPCC, said this was a ‘major breach’ that had ‘the potential to cause real harm to children using Instagram.’
‘The ruling demonstrates how effective enforcement can protect children on social media and underlines how regulation is already making children safer online,’ he said.
Ireland’s Data Protection Commission (DPC) made a final decision last week to fine Instagram €405 million, although the full details won’t be released until next week.
DPC’s two-year investigation centered on how Instagram displayed the personal details of users ages 13 to 17, including email addresses and phone numbers. The minimum age for Instagram users is 13.
The investigation began after a data scientist found that users, including those under 18, were switching to business accounts and had their contact information displayed on their profiles.
Users were apparently doing it to see statistics on how many likes their posts were getting after Instagram started removing the feature from personal accounts in some countries to help with mental health.
Instagram said the inquiry focused on ‘old settings’ that were updated more than a year ago, and it has since released new privacy features for teens, including automatically setting their accounts to private when they join.
Instagram’s full statement said: ‘This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private.
‘Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.
‘While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it.
‘We’re continuing to carefully review the rest of the decision.’
Ireland’s Data Protection Commission (DPC) made a final decision last week to fine Instagram €405 million
Ireland’s DPC is the lead data privacy regulator for Facebook within the European Union.
DPC regulates Meta on behalf of the EU because the European headquarters of Mark Zuckerberg’s company are in Dublin.
The watchdog has a raft of other inquiries into Meta-owned companies.
A year ago, it fined WhatsApp €225 million for breaching rules on transparency about sharing people´s data with other Meta companies.
At the time, WhatsApp said the fine was ‘entirely disproportionate’ and that it would appeal.
However, the WhatsApp fine is significantly less than the record $886.6 million (£636 million) fine given out to Amazon by the Luxembourg privacy agency in July 2021.
WHATSAPP FINED £193 MILLION BY IRELAND FOR BREACHING EU LAWS OVER TRANSPARENCY ON HOW IT SHARES USER DATA
In 2021, WhatsApp was been fined £193 million by Ireland for breaching EU laws over its transparency on how it shares users’ data.
The messaging service, owned by Facebook, was fined by the Irish data protection regulator in September after the EU privacy watchdog pressured Ireland to raise the penalty for the company’s privacy breaches.
WhatsApp said the 225 million euro fine was ‘entirely disproportionate’ and that it would appeal.
Ireland’s Data Privacy Commissioner (DPC), the lead data privacy regulator for Facebook within the European Union, said the issues related to whether WhatsApp conformed in 2018 with EU data rules about transparency.
The Irish regulator also reprimanded and ordered WhatsApp to bring its processing into compliance by taking ‘a range of specified remedial actions’.
The Irish regulator had 14 major inquiries into Facebook and its subsidiaries WhatsApp and Instagram open as of the end of last year.
The WhatsApp fine is significantly less than the record $886.6 million euro fine given out to Amazon by the Luxembourg privacy agency in July.
Source: Read Full Article