Meta has been hit by a second setback in one week after the Irish Data Protection Commission (DPC) issued a €405m (£349m) fine, accusing Instagram of failing to protect children.

The regulator’s fine against Instagram follows the approval of a new law that restricts what services social media companies can provide to children.

The California Age-Appropriate Design Code Act is pending approval from the Californian governor, but if approved, it will introduce new guardrails for users under 18.

This includes a default for minors to have higher privacy settings and avoid collecting minors’ location data. Companies need to analyse its algorithms and products to see how it can affect under age users. They also need to assess if these algorithms and products were designed to be addictive or cause harm to young users.

Fine issued as Instagram accused of unsafe privacy violating practices

The Irish regulator has accused Meta and its subsidiary Instagram of having violated chidren’s privacy and safety.

Graham Doyle, deputy commissioner for the DPC, tells Verdict that the inquiry concerns two types of processing, carried out by Meta.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

“Facebook Ireland Limited allowed child users between the ages of 13 and 17 to operate ‘business accounts’ on the Instagram platform,” Doyle says. “At certain times, the operation of such accounts required and/or facilitated the publication (to the world-at-large) of the child user’s phone number and/or email address.”

He also says Meta operated a user registration system for Instagram made children’s accounts and their content public by default.

The DPC’s fine to Instagram is one of the highest General Data Protection Regulation (GDPR) fines ever issued.

However, it’s only a fraction of Meta’s most recent annual revenue reported in February $117.9bn. The fine was only 0.34% of Meta’s revenue.

It should be said that Meta’s revenue has dropped for the first time this year, but since this is the last full year report available, we’ll go with that.

The point is still the same, though: the fine against Instagram is tiny for the Menlo Park-headquartered firm.

However, that doesn’t stop Meta from objecting to the Instagram fine.

A Meta spokesperson tells Verdict that the inquiry focuses on old privacy settings which have since been updated. Meta says it then released new features to keep teens safe and information private. Those under 18 have Instagram accounts automatically set to private. Only people they know see their content and adults can’t message teens who don’t follow them.

“While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it,” the Meta spokesperson says. “We’re continuing to carefully review the rest of the decision.”

Meta’s reputation is being torn apart

The news comas as the wave of criticism against Meta is growing. The social media giant settled a privacy lawsuit in August regarding location data, as Verdict previously reported.

The backlash has grown ever since former Meta employee Frances Haugen leaked company documents last year.

She accused Meta of putting profit over the public good, particularly children’s health. In a parliamentary hearing she said that Instagram “is more dangerous” to teenagers than other social media platforms.

Haugen also said Facebook employees had voiced ways to improve the platform’s safety but were ignored. Meta has rejected these claims.

Rachel Foster Jones, graduate analyst at GlobalData, tells Verdict that the Instagram fine is unsurprising and that it is a natural backlash from Big Tech having been given free rein for too long

“Meta will need to be much more transparent if they want to prove they are capable of strong protection for the children on their platform as currently, they cannot even successfully guarantee basic data privacy,” says Foster Jones.

“Meta has claimed that they have rectified these privacy issues, but Meta is already facing the perfect storm, from Apple’s crackdown on privacy, competition with TikTok, and economic headwinds. Now, the company will also need to face even greater scrutiny from regulators as they have to prove that the measures they have put in place not only abide with GDPR but also guarantee user safety.”

GlobalData is the parent company of Verdict and its sister publications.