We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

DPC reprimands Meta and issues compliance order
Data Protection Commissioner Helen Dixon

15 Sep 2022 / data law Print

DPC reprimands Meta and issues compliance order

The Data Protection Commission (DPC) has confirmed the conclusion to an inquiry into Meta Platforms Ireland Limited (Instagram).

The regulator slapped the social-media giant with a fine of €405 million, as well as a range of corrective measures.

The inquiry concerned the processing of personal data relating to child users of the Instagram social-networking service.

In particular, the probe focused on the Instagram user-registration process, which allowed public disclosure of email addresses and/or phone numbers of children using the Instagram business-account feature, and a public-by-default setting for personal Instagram accounts of children.

In December 2021, the DPC submitted a draft decision to all of its peer regulators in the EU, known as Concerned Supervisory Authorities (CSA), under Article 60 of the GDPR.

Six of these national regulators raised objections to the DPC’s draft decision. When no consensus was reached on the objections, the case was referred to the European Data Protection Board (EDPB), in line with the GDPR Article 65 dispute-resolution process.

On 28 July, the EDPB adopted its binding decision, which rejected a considerable quantity of the objections.

Administrative fines

However, the EDPB upheld objections requiring the DPC to amend its draft decision to include a finding of infringement of Article 6(1) GDPR, and to reassess its proposed administrative fines on this basis.

With these amendments, the DPC’s decision was adopted on 2 September. The decision records findings of infringement of Articles 5(1)(a), 5(1)(c), 6(1), 12(1), 24, 25(1), 25(2) and 35(1) of the GDPR.

The DPC’s original draft decision had recommended a fine of up to €405 million and, having taken account of the EDPB’s binding decision, the fine imposed on Meta Platforms Ireland Limited (Instagram) totals €405 million – including a fine of €20 million for the infringement of Article 6(1).

In addition to these administrative fines, the DPC has also imposed a reprimand and an order requiring Meta Platforms Ireland Limited to bring its processing into compliance by taking a range of specified remedial actions.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland