A fat fine — of €405 million — is headed Instagram’s way after European Union privacy regulators came to a decision on a long running complaint related to how the social media platform handles children’s data. The penalty is for a breach of the EU’s General Data Protection Regulation (GDPR).
Meta was contacted for comment on the penalty.
We understand the final GDPR decision on the Instagram enquiry was sent to Meta, Instagram’s parent, Friday — ahead of formal publication on the websites of the company’s lead data supervisor in the EU, Ireland’s Data Protection Commission (DPC); and the European Data Protection Board (EDPB), a steering body which helped coordinate a decision review process involving other interested EU data protection authorities — however the size of the penalty for Meta appears to have leaked early, via a report in Politico, which contains the fine figure (which shakes out to around $403M at current currency exchange prices) but no further details of the decision.
Ireland’s DPC confirmed the level of fine to us. Deputy commissioner, Graham Doyle, told TechCrunch: “We adopted our final decision last Friday and it does contain a fine of €405 million. Full details of the decision will publish next week.”
The Instagram penalty is the largest GDPR penalty the social media giant has been hit with to-date (though not the largest ever GDPR fine; that one landed on Amazon) — following a $267M penalty levied upon the Meta-owned messaging platform WhatsApp last September for violations of the GDPR’s transparency principle.