Meta, Instagram’s parent company, has been handed a €405 million fine (£349 million) by the European data privacy regulator for violating General Data Protection Regulation (GDPR). The sum is the largest fine the Data Protection Commissioner (DPC) has levelled against Meta.
It’s the third fine Meta has faced from the European Data Protection Commission – WhatsApp received a €225 million fine last year and Facebook was fined €18.6 million earlier this year, both for breaches of GDPR.
The DPCs accused Instagram of failing to take responsibility for 13 to 17-year-olds privacy who have accounts on their site. The grounds for the accusations are two-fold:
- Teenagers who created accounts on Instagram had their profiles made public by default, giving any user access to their content or direct messaging.
- Children were allowed to operate business accounts, which published the account holder’s email address and/or phone number. Many teenagers were opting for business accounts as it gave them access to more thorough analytics.
The investigation began in 2020 and was finalised in late September. It is one of dozens of investigations into Meta the DPC has.
The DPC’s EU headquarters are in Ireland, and they’re responsible for regulating tech giants, including Facebook, Google, Apple, and others. They regulate Meta on behalf of the EU. They gave Amazon a whopping €746 million fine last year – the largest fine for a GDPR breach ever awarded.
A spokesperson for Meta claims that the “inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private.” Updates have ensured that minors signing up for accounts on the site have their profile set to private automatically. They are disputing the fine.
What is the GDPR?
The GDPR is the European data protection law that regulates how organisations control data. It requires privacy to be an utmost priority by default, and is among the most progressive approaches to handling personal data – information that can personally identify you.
There are specific strict requirements regarding safeguarding children. It does specify that companies must be transparent with children about how their data is managed – in language they can understand.
Each country within the EU has the liberty to slightly alter the GDPR to suit its specific needs – resulting in the UK’s Data Protection Act (2018).
HNK Solicitors can help you claim compensation if you were the victim of a GDPR breach
Organisations are required by law to keep your personal data safe. If an organisation failed to protect your data, you could be entitled to data breach compensation.
We have years of experience with data protection claims and have got countless clients the compensation they deserve. To start your claim, get in touch with us via the contact form on our site, email us at email@example.com or give us a call on 0151 668 0816.
We offer a no-win, no-fee service, so until you receive your compensation, there isn’t a penny to pay.
Our specialist team is ready to start your claim, so get in touch with us today.