Ireland’s data privacy regulator has fined Instagram 405 million following an investigation into its handling of children’s data.
“We adopted our final decision last Friday and it does contain a fine of 405 million euro,” said the spokesman for Ireland’s Data Protection Commissioner, which is the lead regulator of Instagram’s parent company Meta Platforms Inc .
The penalty is the second-biggest issued under the European Union’s stringent privacy rules, after Luxembourg’s regulators fined Amazon 746 million euros last year.
Instagram parent Meta, which also owns Facebook and can appeal the decision, didn’t respond to a request for comment. The full details of the investigation won’t be released until next week.
The Irish watchdog’s investigation centered on how Instagram exposed the personal details of users ages 13 to 17, including email addresses and phone numbers. The minimum age for Instagram users is 13.
Under the EU’s data privacy rules, the Irish watchdog is the lead regulator for many U.S. tech companies with European headquarters in Dublin.
The watchdog has a raft of other inquiries into Meta-owned companies. Last year, it fined WhatsApp 225 million euros for breaching rules on transparency about sharing people’s data with other Meta companies.