Data Protection Commissioner fines Instagram €405m

Updated: 6pm

The State’s Data Protection Commission (DPC) has issued Instagram with a €405 million fine over the way in which it handled children’s personal data – the largest fine the authority has ever issued.

Instagram’s parent company Meta said in a statement that it plans to appeal the decision.

The watchdog began an inquiry in September 2020 in relation to how the social media giant processed the details of children aged 13-17 on Instagram accounts.

The inquiry looked at whether child users were allowed to operate business accounts on Instagram, and whether that allowed, or required, the publication of children’s phone numbers and/or email addresses as a result.

It also examined whether the user registration system for Instagram resulted in children’s accounts being set to “public” by default, which made public the social media content of child users, unless the account was otherwise set to private by changing the account’s privacy settings.


A DPC spokesman said in a statement to the PA news agency: “We adopted our final decision last Friday and it does contain a fine of €405 million.

“Full details of the decision will publish next week.”

A Meta spokesman said in a statement to PA: “This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private.

“Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.

“While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it.

“We’re continuing to carefully review the rest of the decision.”