Ireland’s DPA fines Meta €405 million

Ireland’s Data Protection Commission has fined Meta €405 million for a GDPR breach. The fine has been imposed for breaching children’s privacy on Meta’s Instagram service, as the mobile phone numbers and email addresses of Instagram users were automatically published under default settings on the app’s “business account” service. The breach affects potentially millions of teenagers.

“We adopted our final decision last Friday and it does contain a fine of €405 million. Full details of the decision will [be published] next week,” Ireland’s DPA told the Irish Times.

Meta has indicated that it will appeal the decision. The company says it has been cooperating with the DPA throughout the enquiry, has changed the default settings, and that it disagrees on how the fine has been calculated.

The full text of the decision is not yet publicly available.

See: Irish Times - Irish Data Protection Commissioner fines Instagram €405m