Meta’s Instagram service has been ordered to pay a €405 million fine for the way it handled teen data in Ireland, Politico reported.
The regulator is still investigating at least six other cases with Meta-owned companies.
In this one, the Irish regulator found that Instagram’s behaviour with children’s privacy, including allowing publication of their email addresses and phone numbers in public default settings, violated GDPR privacy rules.
The regulator confirmed the penalty in an emailed statement but gave no further comment. The Verge notes that full details about the decision will be published next week.
The Irish regulator imposed the fine after starting a dispute-resolution mechanism to resolve other European data protection authorities’ input on the penalty.
In response to the news, Meta noted that the inquiry focused on old settings that were updated over one year ago. The company added that it has since also released many new features to help keep teens safe and their information private.
“Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them. We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision,” a Meta spokesperson added.