Ireland‘s data privacy regulator has agreed to levy a record fine of 405 million euros ($402 million) against social network Instagram following an investigation into its handling of children’s data, a spokesperson for the watchdog said.
Instagram plans to appeal against the fine, a spokesperson for parent Meta Platforms Inc said in an emailed statement.
The investigation, which started in 2020, focused on child users between the ages of 13 and 17 who were allowed to operate business accounts, which facilitated the publication of the user’s phone number and/or email address.
“We adopted our final decision last Friday and it does contain a fine of 405 million euro,” said the spokesperson for Ireland’s Data Protection Commissioner (DPC), the lead regulator of Instagram’s parent company Meta Platforms Inc.
Full details of the decision will be published next week, he said.
Instagram updated its settings over a year ago and has since released new features to keep teens safe and their information private, the Meta spokesperson said.
The spokesperson said Instagram disagrees with how the fine was calculated and is carefully reviewing the decision.
The DPC regulates Facebook, Apple, Google and other technology giants due to the location of their EU headquarters in Ireland. It has opened over a dozen investigations into Meta companies, including Facebook and WhatsApp.
WhatsApp was last year fined a record 225 million euros for failing to conform with EU data rules in 2018.
The Irish regulator completed a draft ruling in the Instagram investigation in December and shared it with other European Union regulators under the bloc’s “one stop shop” system of regulating large multinationals.