The Irish data watchdog has hit Meta with a fine of €405 million for allowing teens to set up public accounts where their emails and phone numbers were publicly displayed. This is the second largest fine set by the GDRP, with a €746m fine to amazon being the largest. The fine comes after a two-year investigation in which Meta was found to have breached the European Union’s general data protection regulation.
“We adopted our final decision last Friday and it does contain a fine of €405m. Full details of the decision will be published next week,” said a spokesperson for the DCP.
Meta allowed users ages 13-17 to set up and run business accounts on Instagram where their personal contact info was exposed. Instagram was also found to have set teenagers’ Instagram accounts to public by default.
“This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private,” said a Meta spokesperson. Instagram now automatically sets the accounts of underage users to private by default which prevents adult users they aren’t following from contacting them.
“This was a major breach that had significant safeguarding implications and the potential to cause real harm to children using Instagram,” said head of child safety online policy at NSPCC, Andy Burrows.
Meta had been developing an Instagram for children. However, the project was paused last year when the negative effects of the platform on teen’s mental health were revealed.
More Meta, More Problem
Meta just can’t seem to stay away from scandals. Meta was fined €17 million earlier this year over 2018 Facebook data breaches. In February Jeren A. Miles, former head of global community development left the company after being caught in an underage sex sting. Additionally, the company added a personal boundary feature to its VR platform after a woman came forward about a virtual sexual assault.