Facebook-owned Instagram is facing a huge privacy fine from the European Union. This time, it’s a massive €405 for breaching the General Data Protection Regulation (GDPR).
The fine was issued by the Irish Data Protection Commission (DPC) after Instagram was found wanting for how it processed children’s data.
This is the second largest GDPR fine ever issued after the €746 million levied on Amazon in 2021.
Instagram apparently set all contact details for new users to "publicly available" when creating new accounts. The user would actively have to set this to private to protect it.
This contravenes the GDPR, which is all about protecting user data within the European Union.
Instagram says it has made changes since the finding to correct the issue and improve privacy settings.
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private," an Instagram spokesperson said.
"Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them."
"We engaged fully with the DPC throughout their inquiry, and we’re carefully reviewing their final decision."
This huge fine for data handling comes after WhatsApp was also fined €235 million for its lack of transparency with how data was shared with Facebook.
Facebook was also directly fined €17 million earlier this year for GDPR data breaches, 12 of them in fact.
This is turning out to be a very expensive year for the company. Let’s hope this is the last fine and last instance of mishandling our data we have to report!