The Data Protection Commission Imposes Fine of €405 Million on Instagram

The Data Protection Commission/Ireland (‘DPC/Commission’) has today announced a conclusion to an inquiry into Meta Platforms Ireland Limited (‘Instagram’) imposing a fine of €405 million and a range of corrective measures.

According to information where publish on DPC website:

• The investigation focused on the handling of personal information pertaining to young Instagram users. The investigation focused on how children's email addresses and/or phone numbers were made public via the Instagram business account option, as well as how children's personal Instagram profiles were configured to be public by default.
• Following a comprehensive investigation, the DPC submitted a draft decision to all peer regulators in the EU, also known as Concerned Supervisory Authorities (“CSAs/Authority”). Six of these national regulators raised objections to the DPC's draft decision. Therefore, it referred the case to the European Data Protection Board (“EDPB”), in line with the Article 65 dispute resolution process of the GDPR.
• On 28 July 2022, the EDPB adopted its binding decision, which rejected a considerable quantity of the objections but upheld objections requiring the DPC to amend its draft decision to include a finding of infringement of Article 6(1) GDPR and to reassess its proposed administrative fines on the basis of this additional infringement.
• The DPC’s original draft decision had recommended a fine of up to €405 million. The fine imposed on Meta Platforms Ireland Limited (Instagram) totals €405 million, including a fine of €20 million for the infringement of Article 6(1).
• In addition to these administrative fines, the DPC has also imposed a reprimand and an order requiring Meta Platforms Ireland Limited to bring its processing into compliance by taking a range of specified remedial actions.

You can reach further information here.

Kind regards,

Zumbul Attorneys at Law

info@zumbul.av.tr