Irish regulators are slapping Instagram with hefty fines after an investigation found the social media platform mishandled teens’ personal data.
Ireland’s Data Protection Commission said by email it made a final decision last week to fine the company €405 million ($402 million). However, full details won’t be revealed until next week.
It is the second-largest fine under the EU’s strict privacy rules after Luxembourg regulators fined Amazon €746 million last year. Instagram’s parent company Meta, which also owns Facebook, could appeal the decision but did not respond to a request for comment.
The investigation by Irish regulators focuses on how Instagram leaked personal information, including email addresses and phone numbers, of users between the ages of 13 and 17. The minimum age for Instagram users is 13. The Irish regulator is the main regulator for many European Dublin-American tech companies subject to EU data privacy rules.
Regulators have launched numerous other investigations into Meta-owned companies. Last year, it fined WhatsApp €225 million for breaching transparency rules for sharing personal data with other Meta companies.