The Irish Data Protection Commissioner will fine Instagram $402 million for allegedly mishandling the personal data of children, specifically through default settings that left phone numbers and email addresses for users between the ages of 13 and 17 exposed via Instagram business accounts, according to published reports.
It’s the second-largest fine ever handed out by EU-based regulators, behind only the $739 million that Luxembourg authorities levied against Amazon last year. A spokesperson for the Irish DPC said that full details on the decision will be published next week, according to the reports.
The decision stems from a 2019 study by data protection scientist David Stier, who found that a large part of the 60 million Instagram users who were under 18 at the time changed their personal accounts into business accounts, in order to gain insight into view numbers for particular posts and numbers of personal profile views, according to the Washington Post.