The Washington Post

Irish watchdog fines Instagram $400M over handling of teens’ data


Ireland has fined Instagram a record 405 million euros (about $403 million) for alleged mishandlin­g of teens’ data.

“We adopted our final decision last Friday and it does contain a fine of €405 million,” Graham Doyle, deputy commission­er with the Irish Data Protection Commission, told The Washington Post, adding that full details will be announced next week.

The decision by Ireland’s data privacy watchdog came after a two-year investigat­ion into Instagram’s “business accounts,” which give users more advanced metrics for tracking views and likes but before 2019 were prone to publishing users’ phone numbers and email addresses under default settings. Instagram’s minimum age for users is 13.

A 2019 study by data analyst David Stier found that more than 60 million Instagram users under the age of 18 were given the chance to change their personal accounts into business accounts. And many did so, partly motivated by access to metrics such as how many people had visited a profile and views for individual posts. But the underage users could be unaware that their contact informatio­n was exposed by default.

Instagram “engaged fully” with the regulator throughout the investigat­ion but disagreed with how the penalty was calculated, a spokespers­on for its parent company, Meta Platforms, said in an emailed statement.

“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their informatio­n private,” the statement said, adding that the company is carefully reviewing the decision and considerin­g an appeal.

The inquiry into Instagram, conducted under European Union privacy rules introduced in 2018, is one of several investigat­ions into Meta companies by the office of Irish Data Protection Commission­er Helen Dixon. Meta’s Whatsapp unit was fined 225 million euros last year, while Facebook was fined 17 million euros in March, meaning the Instagram fine brings Ireland’s total penalties against the company over data and privacy issues to 647 million euros over the past two years.

The latest penalty is the most Ireland has fined any company over data privacy, and the second-highest related fine in the E.U. after Luxembourg’s regulators fined Amazon 746 million euros last year.

Data regulators in several other E.U. countries initially objected to Ireland’s proposals to penalize Instagram, but they managed to agree on the ruling as part of a Pan-european enforcemen­t model, which authorizes data regulators to impose stiff fines for breaches.

The Irish regulator supervises a number of multinatio­nal tech giants, including Apple, Google, Meta and other companies that have their E.U. headquarte­rs in Ireland.

Newspapers in English

Newspapers from United States