- Aug 17, 2014
- 11,108
The DPC’s deadline for making a final decision on this matter was the end of this week. The investigation leading started almost two years ago, and focused on two ways in which the company allegedly breached GDPR rules. The first was Instagram allowing young users, ages 13-17, to set up business accounts on the platform, which made those users’ contact information publicly available. (Users sometimes switch to business accounts because doing so comes with access to more engagement analytics.) Instagram also allegedly made the accounts of some young users public by default.
This is the third and largest fine the DPC has imposed on Meta, easily eclipsing the 225 million euros (about $267 million at the time) the company faced after the DPC found that WhatsApp didn’t properly inform EU citizens about how it collected and used their data, particularly regarding how it shared that data back with Meta. WhatsApp was ordered to change its privacy policy, and said it planned to appeal. There was also a much smaller fine of 17 million euros (about $18.6 million) for record-keeping issues around security breaches. The DPC also has dozens of other investigations underway against Big Tech companies, including several more involving Meta’s data practices.
Meta said in a statement to Politico that it updated the public-by-default setting more than a year ago, and that “anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.” The company told the Associated Press that “we disagree with how this fine was calculated and intend to appeal it.”
Instagram was fined $402 million for mishandling teens’ data in the EU
Instagram allegedly made some young users’ data public by default, which violates GDPR rules
www.theverge.com