It’s no secret that the EU closely monitors the privacy and data handling practices of major US tech companies through the GDPR Act. Now the law has formed the basis for one of the largest such fines ever imposed, reports Politics.
Ireland’s data protection authority, the Data Protection Commission (DPC), which enforces EU GDPR law, imposed a hefty fine on Meta of €405 million, or approximately NOK 4 billion.
Second largest GDPR fine ever recorded
The fine is imposed for the way the Meta-owned service, Instagram, violated GDPR legislation – more specifically, the way the company handles the data of its youngest users.
It will be the second largest fine ever imposed under the GDPR law, after the record fine of 746 million euros imposed on Amazon a year ago.
A DPC spokesperson confirmed the fine on several media outlets, but did not comment further on the matter. According to the spokesperson, more information will be shared with the public over the next week.
The details of the case are therefore not known, but the basis for the fine is expected to be shortcomings in Instagram’s privacy settings on accounts belonging to children and young people. This should have led to personal data such as email addresses and phone numbers being made public.
A spokesperson for Meta claimed in a comment that the settings the EU was referring to were changed over a year ago and since then the company has released several new updates and changes intended to protect the data of its young users.
– Anyone under 18 automatically sees their private account when they start using Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them, the spokesperson said in the comment.
According to Meta, the company worked closely with DPC throughout the process, and the company is now carefully considering the final decision. It remains to be seen how the case will develop and whether Meta will end up having to pay the fine.
This is not the first time that the Irish Data Protection Authority has gone after Meta. This summer, Digi.no reported that DPC wanted to block Facebook from sending data about European residents to the United States, which could have dramatic consequences for Facebook on the European continent.
“Music practitioner. Passionate bacon fanatic. Reader. Food enthusiast. Alcohol nerd. Gamer. Twitter maven.”