According to the Irish Data Protection Commission (DPC), Instagram has released children’s personal information, while it has not been sufficiently made clear to younger users. This included email addresses and cell phone numbers.
The DPC investigation followed the findings of American data scientist David Steer. It was discovered in 2019 that children agreed to release their details if their accounts were transferred from a personal account to a business account. Teenagers between the ages of 13 and 17 can start such a business account to promote or sell things, for example.
This business account offers benefits such as access to comprehensive analytics that allowed teens to understand how many people are visiting their account. But many of them did not realize that they were also providing personal data.
Old settings
Full details of the decision will be announced next week. Instagram’s parent company Meta has informed various media outlets that the fine is related to the old settings that the company has already modified in September 2019. This is why it wants to appeal the fine account.
Under European data law, companies can be investigated by the privacy watchdog in the country where they are headquartered in Europe. Many of the major tech companies are based in Ireland for tax reasons, giving the Irish data regulator an important role.
It is the second highest fine imposed on the basis of the European privacy legislation of the General Data Protection Regulation. Last summer, Amazon was fined 746 million euros. Higher privacy fine would be for Meta. Last year, WhatsApp (just like Instagram, a subsidiary of Meta) was fined €225 million because the company was not clear about the data it shared with Meta.