Irish regulators have fined Instagram €405m for violating children’s privacy.
The long-running complaint concerned children’s data – particularly their phone numbers and email addresses.
Some reportedly upgraded to business accounts to access analytics tools such as profile visits, without realising this made more of their data public.
Instagram’s owner, Meta, said it planned to appeal against the decision. It is the third fine handed to the company by the regulator.
“We adopted our final decision last Friday and it does contain a fine of €405m [£349m],” Ireland’s Data Protection Commissioner (DPC) said.
‘Major breach’
The DPC regulates large technology companies with European headquarters in the Republic of Ireland.
It has never given such a large fine for a breach of the European Union’s General Data Protection Regulation.
But last year, it fined WhatsApp €225m,
while Luxembourg’s data authority fined Amazon a record €746m.
National Society for the Prevention of Cruelty to Children (NSPCC) child-safety-online policy head Andy Burrows said of Instagram’s fine: “This was a major breach that had significant safeguarding implications and the potential to cause real harm to children using Instagram.
“The ruling demonstrates how effective enforcement can protect children on social media and underlines how regulation is already making children safer online.
“It’s now over to the new prime minister to keep the promise to give children the strongest possible protections by delivering the Online Safety Bill in full and without delay.”