Ireland

Meta Platforms, Inc.

405,000,000 €

GDPR enforcement action by Data Protection Authority of Ireland on 2022-09-05.

Rank · Sector

of 366 in Media, Telecoms and Broadcasting

Rank · Ireland

of 36

Rank · All fines

of 3,039

Case details

Authority: Data Protection Authority of Ireland
Date: 2022-09-05
Controller / Processor: Meta Platforms, Inc.
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 24 GDPR, Art. 25 (1), (2) GDPR, Art. 35 GDPR
Type of violation: Non-compliance with general data processing principles

Summary

The Irish DPA (DPC) has imposed a fine of EUR 405,000,000 on Meta Platforms, Inc. (Instagram).

Following the investigation, the DPC submitted a draft decision under Art. 60 GDPR to other European supervisory authorities concerned. The initial draft proposed a fine of EUR 30-50 million. The DPC subsequently received objections from six supervisory authorities, which led to a dispute resolution procedure at the European Data Protection Board (EDPB) in Brussels. In its decision, the EDPB requested the DPC to increase the proposed fine.

The DPC's investigation revealed that on Instagram business accounts of minors, their cell phone numbers and email addresses were publicly displayed. In addition, the settings for the underage users' accounts were set to "public" by default , making their social media content publicly viewable unless they changed the account settings. The breach potentially affects millions of teenagers.

Open original source Links to the regulator's original publication or another source.