All Things Newz
Law \ Legal

Irish DPC Fines Instagram A Record €405 Million – Privacy Protection



To print this article, all you need is to be registered or login on Mondaq.com.

Meta-owned Instagram has been fined €405 million by the
Irish Data Protection Commission (DPC) for violations of the EU
General Data Protection Regulation (GDPR), following a two year
investigation into how the social media platform handles
children’s data. This is the largest fine imposed by the DPC to
date. Below, we highlight some of the key issues arising in the
case.

What was the breach?

The investigation into Instagram was centred on two issues:

  1. Teenage users aged 13-17 were allowed to operate ‘business
    accounts’ on Instagram, which resulted in the publication of
    the users’ phone numbers and email addresses. If these

    had been adults, this likely would not have been
    an issue. Nonetheless, this serves as a reminder to use additional
    caution when dealing with children’s data. Recital 38 of the
    GDPR highlights that where children’s data is used to create
    user profiles, specific protections should apply since children may
    be less aware of the risks, consequences and safeguards and their
    rights in relation to the processing of their data.

  2. All accounts, including the accounts of teenage users, were set
    to public by default, unless the user affirmatively changed the
    privacy settings. Meta has commented that these settings have since
    been updated and users under 18 now automatically have their
    account set to private when they join Instagram. The GDPR requires
    privacy by design and default, meaning that data protection should
    be integrated into a business’s processing activities.
    Additionally the DPC’s guidance “Children Front and
    Centre: Fundamentals for a Child-Orientated Approach to Data
    Processing” highlights the importance of ensuring the
    strictest privacy settings apply by default

Full details of the reasons behind the decision are expected to
publish next week. Meta is said to disagree with the way the fine
has been calculated and plans to appeal the decision.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Privacy from European Union



Source link

Related posts

IBBI’s Attempt To Formalise The Fee Structure For Resolution Professionals – Insolvency/Bankruptcy

Cross-Border: A Guide To Doing Business In Canada – Key Topics And Developments – Corporate and Company Law

Mandatory Merger Notification On The Cards – Corporate and Company Law