Jowanna Conboye comments on Instagram’s 405 million Euro GDPR fine in Compliance Week
A recent article in Compliance Week reported on how the Irish Data Protection Commission (Irish DPC) received criticism about its investigation into Instagram’s GDPR violations regarding safeguarding of teenage users’ data.
Instagram (owned by Meta and with a European HQ in Ireland) were fined 405 million euros after an investigation into how teenage users were able to open business accounts on the platform, which, owing to the accounts having a ‘public’ default setting, resulted in phone numbers and/or email addresses being published.
A decision from the European Data Protection Board (EDPB) stated that the Irish DPC inquiry was limited and too focused on GDPR regulation, rather than whether it is right for a company to process data without informed consent and/or make children’s data publicly available.
Jowanna Conboye, our Data Protection and Technology Partner featured in the article, stating: “The fact the Irish DPC first reached different and more lenient conclusions in relation to Meta’s processing of children’s data should be a concern,” before further adding “that Instagram had designed its system to have children’s accounts as public by default and to allow children to have business accounts on the platform … has real and serious safeguarding consequences.”
Read the article here (requires subscription)