Meta Platforms, Inc.: Non-compliance with general data processing principles

The Irish DPA (DPC) has imposed a fine of EUR 405,000,000 on Meta Platforms, Inc. (Instagram). Following the investigation, the DPC submitted a draft decision under Art. 60 GDPR to other European supervisory authorities concerned. The initial draft proposed a fine of EUR 30-50 million. The DPC subsequently received objections from six supervisory authorities, which led to a dispute resolution procedure at the European Data Protection Board (EDPB) in Brussels. In its decision, the EDPB requested the DPC to increase the proposed fine. The DPC's investigation revealed that on Instagram business accounts of minors, their cell phone numbers and email addresses were publicly displayed. In addition, the settings for the underage users' accounts were set to 'public' by default , making their social media content publicly viewable unless they changed the account settings. The breach potentially affects millions of teenagers.

GDPR Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 24 GDPR, Art. 25 (1), (2) GDPR, Art. 35 GDPR
Industry: Media, Telecoms and Broadcasting