Ireland’s Data Protection Commission (DPC), Ireland’s privacy enforcement authority, announced yesterday that they were fining Instagram €405 million (approximately $396.2 million) following alleged mishandling of children’s data. They have also ordered Meta as a whole to “bring its processing into compliance by taking a range of specified remedial actions” outlined in their decision.

The primary concern stems from users’ ability to convert a personal Instagram account to a business account. Making this change grants the user access to more detailed account analytics, such as the number of times their profile was viewed. However, this change also makes more account data visible to other Instagram users. Reports allege that users under 18, whose accounts are set to private by default, were able to convert to a business account and unknowingly compromise their data.

In response to the fine, a Meta spokesperson says they plan to appeal, explaining “This inquiry focused on old settings that we updated over a year ago and we’ve since released many new features to help keep teens safe and their information private.”

This fine is the second highest ever levied under the GDPR, second only to the massive Amazon fine from earlier this year. As privacy violations and concerns continue to pile up, authorities around the world seem to be getting more serious about penalizing noncompliant companies.

To avoid making the same mistake Meta seems to continue making, consider using a privacy compliance software like 4Comply to keep track of changing privacy laws, as well as your company’s privacy practices. Don’t be caught off guard by compromised systems. Contact us today to learn more and get a free demo of what 4Comply can do.