DPC fines Instagram €405 million for breaches regarding children’s data

The Data Protection Commission (DPC) has imposed its largest fine to date of €405 million, on the social media platform Instagram, for violations of the General Data Protection Regulation (GDPR).

The GDPR violations centre on breaches in relation to children’s data by Facebook Ireland Limited on the Instagram platform, who are owned by Facebook parent company, Meta. 

The DPC will publish full details of its decision next week, however, their investigations which commenced in September 2020, had found that children between the ages of 13 and 17 were allowed to operate ‘business accounts’ on Instagram, which facilitated the publication of their phone number and/or email address. They also discovered that the accounts of child users were automatically set to “public” on registration. 

Meta are expected to appeal the DPC decision following the publication of the decision by the DPC next week. 

For further information, please contact Seán O’Donnell, Zelda Deasy or any member of the ByrneWallace LLP Data Protection/GDPR Team.