A long-running complaint related to how Instagram handles children’s data has been settled with a €405 million fine, after European Union privacy regulators found the company to be in breach of EU’s General Data Protection Regulation (GDPR).
The final GDPR decision on the Instagram inquiry was sent to Meta on Friday ahead of formal publication on the websites of the company’s lead data supervisor in the EU, Ireland’s Data Protection Commission (DPC), and the European Data Protection Board (EDPB).
The Instagram penalty is the largest GDPR penalty the social media giant has ever been hit with following a $267 million penalty levied on WhatsApp last September for violating the GDPR’s transparency principle.
The violations include a complaint focused on the platform’s processing of children’s data for business accounts, and some settings during user registration where child user accounts were set to “public” by default, unless they changed the account settings back to “private.”
The GDPR also believes the platform should provide suitably clear communications that children can understand.
If you see something out of place or would like to contribute to this story, check out our Ethics and Policy section.