Irish data protection authority imposes €405 million GDPR fine on Instagram

[German]It's happened again – the Irish Data Protection Authority (DPC) has issued a fine of 405 million euros against Meta subsidiary Instagram. It's about data breaches due to the platform's violation of the privacy of children between the ages of 13 and 17. 


According to Reuters, the investigation of Instagram by the Irish Data Protection Commission began back in 2020 and focused on the handling of data of underage users between the ages of 13 and 17. Teenagers were allowed by Instagram to operate business accounts that allowed the publication of the user's phone number and/or email address..

Instagram has since revised its terms and conditions in this regard, to be sure. But the Irish Data Protection Authority announced last Friday (September 2, 2022) its decision to fine meta-subsidiary Instagram €405 million for GDPR violations. A spokesperson commented:

We adopted our final decision last Friday and it does contain a fine of 405 million euro

So the Commission has made the decision on the above fine. Details are not available at this time – but Meta has already announced that it will challenge this fine. A spokesperson told Politico:

This inquiry focused on old settings that we updated over a year ago, and we've since released many new features to help keep teens safe and their information private. Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can't message teens who don't follow them. We engaged fully with the DPC throughout their inquiry, and we're carefully reviewing their final decision.

The fine is the second-highest penalty imposed for violations of the General Data Protection Regulation, following a €746 million fine against Amazon. And it is the third fine imposed by the Irish regulator on a company owned by Meta. In general, Meta is in good "business" with the Irish data protection authority. There was a €224 million fine against WhatsApp (see GDPR: WhatsApp fined with 225 million Euro) and a €17 million fine against Facebook – all for GDPR violations. The Irish data protection authority has at least six more investigations against Meta-owned companies in the pipeline, Politico reports.

Cookies helps to fund this blog: Cookie settings

This entry was posted in General and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *