EU privacy regulators came to a decision on a long-running complaint over Instagram’s handling of children’s sensitive data
Instagram is charged with a penalty for the breach of the EU’s General Data Protection Regulation (GDPR). As reported by Politico, the fine will total €405 million.
This is the largest GDPR penalty the social media giant has been hit with up-to-date. Previously, its parent company Meta faced a $267 million penalty over WhatsApp violations of the GDPR transparency principle.
The current Instagram complaint focused on the platform’s processing of children’s data for business accounts. Besides, there are inefficiencies in the platform’s user registration system. For instance, the accounts of child users are set to “public” by default, unless the user changed the account settings to “private.”
Not only does GDPR contain strong default privacy requirements but also EU’s provisions specifically aim to enhance the protection of children’s data. According to European legislation, services targeting kids should provide suitably clear communications that children can understand.
The exact reasoning for the Instagram fine will be released next week.