The Irish Data Protection Commission (DPC) has issued a record-breaking fine of €405 million to social media giant Instagram for violating the EU's General Data Protection Regulation (GDPR). This is the highest fine ever imposed on a company owned by headquarters, surpassing the previous record of €225 million imposed on WhatsApp and €17 million on Facebook.
The DPC is currently conducting at least six more investigations into companies owned by Meta, Instagram's parent company. WhatsApp is also expected to face a fine of $267 million for violating the GDPR.
The complaint against Instagram was centered around its handling of children's data for business accounts and the user registration system it operated. The GDPR requires privacy by design and by default, which includes provisions aimed at increasing the protection of children's information specifically and ensuring that services intended for children comply with the principles of transparency and responsibility.
The GDPR also mandates that default settings should be privacy-friendly, and users must be given a clear and simple explanation of how their data is processed. However, the children's accounts on Instagram were set to default, meaning that everyone could see their information unless they manually changed their account settings to private.
The decision regarding WhatsApp went through a review process after objections were submitted to its draft, and the amount of the fine was significantly increased as a result. It remains to be seen if the same thing will happen in the case of Instagram.
As Instagram faces the biggest GDPR fine in history, other social media networks may be on high alert. With at least six more investigations underway, companies must take data protection and privacy seriously, or they risk being penalized for violations like these.
Comments