Instagram was fined by the Irish Data Protection Commission for sharing email addresses and phone numbers of children who signed up for the service as businesses or creators. The 405m-euro fine is the second largest ever for rule violations.
Until last summer, Instagram automatically shared contact information for kids who ran a business or creator account. This practice is believed to have affected millions of children in the European Union, but no concrete figures have been given. Sharing children’s contact information means they can be contacted by adults.
A Meta spokesperson said in a statement: “This investigation focused on old settings that we updated over a year ago and have since released many new features to help keep teens safe and their information private. When anyone under 18 automatically joins Instagram, their account is set to private so only people they know can see what they’re posting and adults can’t message teens who don’t follow them. We have fully cooperated with DPC throughout their inquiries and are carefully reviewing their final decisions.”
There’s nothing about the fine on DPC’s website yet, with full details scheduled to release next week. The only larger fine by DPC was Amazon’s 746 million for processing data it shouldn’t have.