The Irish Data Protection Commission has fined Meta-owned social media platform Instagram €405 million for violations of the General Data Protection Regulation.
The fine, which is the second-highest fine under the GDPR after a €746 million penalty against Amazon, is the third for a Meta-owned company handed down by the Irish regulator.
In an emailed statement, the Irish DPC confirmed the penalty but declined further comment.
The Irish regulator imposed the fine after having to trigger a dispute-resolution mechanism to resolve other European data protection authorities’ input on the penalty.
The penalty, currently the highest for a Meta-owned company — after a €225 million fine for WhatsApp and a €17 million fine for Facebook — is aimed at Instagram’s violation of children’s privacy, including its publication of kids’ email addresses and phone numbers.
The Irish DPC has at least six other investigations into Meta-owned companies in the pipeline.
Instagram, which can appeal the fine, did not immediately respond to a request for comment.
