Meta, the parent company of social media and communication giants Facebook, Instagram and WhatsApp, has had its hefty share of media scandals involving user privacy. These have included especially famous cases such as the Cambridge Analytica scandal of 2018, which involved Facebook directly, and many other smaller episodes since then.
In the most recent and rather costly case for Meta, the Irish Data Protection Commission handed the US tech titan a 405 million euro, $403 million dollar fine on Monday, September, 5th. This was leveled as punishment for alleged privacy violations against the accounts of minors.
Irish Tech Jurisdiction
The curious thing about the regulatory dynamics of this fine is that the Data Protection Commission of Ireland (DPC) serves as the European Union's main regulator and watchdog for legal breaches by American tech giants operating in Europe.
The key reason for this is that Ireland, despite its small size and peripheral location along the edges of the E.U, is the European headquarters for many of the most famous U.S tech companies. Aside from Meta, these include Google, Twitter and Apple (among others).
In the case of Meta, it was its Instagram app that got the company into hot water with the Irish data authorities. The social photo and video sharing app was fined for apparently being negligent in its protection of underage account holders' privacy.
One of the main reasons cited for this judgment was that Instagram had let children open and operate business accounts despite being minors. As part of the business account management process, the administrators of an Instagram page have their phone number and email address information visible to the public. In the case of children opening accounts, this information was deemed a privacy violation because it exposed data deemed private to abuse.
Another crucial part of the DPC's decision to fine Instagram (and consequently its parent, Meta) was that the social app set the account privacy settings of minors aged 13 to 17 to "public" by default. It's worth noting too that the minors who owned these accounts weren't explicitly notified that their profiles were fully visible to open search queries.
GDPR Shows Its "Teeth"
The DPC leveled the fine under cover from the European Union's General Data Protection Regulation, or GDPR, as it's famously called. This four-year-old law obligates companies to secure the information they store about users in very specific ways, especially so if the users are minors.
Though the E.U's GDPR legislation has frequently been criticized as being extremely weak in the face of the enormous financial and legal resources at the disposal of companies like Meta, Google and others, in this case, it seems to have finally sent a modest message. With that said, a $403 million fine is hardly a heavy burden for a company with Meta's assets and market capitalization.
Meta Doubles Down
Despite this and the pretty clear-cut reasons for the fine, Meta has publicly commented that it disagrees with the ruling by the DPC and asserted that it would begin an appeal process. This essentially means that they plan on dragging the ruling through the courts for as long as feasible to delay actually paying any fine.
The company justified its disagreement by arguing that the settings in question for minors on Instagram had been updated more than a year ago and that new privacy protection features have been added since then.
A spokesperson for Meta also explained that accounts of people under the age of 18 are automatically "private". The Meta representative also said that private messages can't be sent by others to users under 18 unless they already follow the sender's account.
To date, this is the second biggest fine leveled under GDPR laws against a U.S tech giant. Previously, in July of 2021, Amazon, headquartered in Luxembourg, was fined $887 million for its own data privacy violations.
Get the latest from The Futurist every afternoon in your inbox
Check out some of the newest posts from The Futurist