Irish regulators fined Instagram 405m for data breach

Irish regulators have slapped Instagram with a hefty fine after an investigation found the social media platform mishandled teenagers’ personal data.

The Irish Data Protection Commission said in an email on September 5, 2022 that it made a final decision last week to fine the company 405 million euros ($402 million), although full details will not be released until next week.

The penalty is the second highest handed down under the European Union’s tough privacy rules, after Luxembourg regulators fined Amazon 746 million euros last year.

Instagram parent Meta, which also owns Facebook and may appeal the decision, did not respond to a request for comment.

The Irish watchdog’s investigation focused on how Instagram exposed the personal data of users aged 13 to 17, including email addresses and phone numbers. The minimum age for Instagram users is 13 years.

Under EU data protection rules, Ireland’s watchdog is the main regulator for many US technology companies with European headquarters in Dublin.

The watchdog has a number of other questions about Meta-owned companies. Last year, WhatsApp was fined 225 million euros for violating the transparency rules of sharing people’s data with other Meta companies.