As the Lead Supervisory Authority for Meta/Instagram, Ireland’s Data Protection Commission (DPC) began an investigation into Instagram in September 2020 to examine “certain processing of the personal data of children by Facebook Ireland Limited” related to Instagram’s social networking service, according to the DPC.
“It was commenced in response to information provided to the DPC by a third party and also in connection with issues identified by the DPC following examination of the Instagram user-registration process,” the agency stated. In December 2021, the agency submitted a draft decision to other EU data protection authorities for their views on it.
The DPC investigation focused on two key issues. The first issue related to Facebook Ireland allowing users between the ages of 13 and 17 to operate “business accounts” on Instagram, which led to the public release of their phone numbers and/or email addresses. The second issue concerned Instagram’s user-registration system, in which the accounts of children were set to “public” by default.
A spokesperson for Meta, Instagram’s parent company, stated that the DPC investigation “focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private.”
Meta’s spokesperson added, “While we’ve engaged fully with the DPC throughout their inquiry, we disagree with how this fine was calculated and intend to appeal it. We’re continuing to carefully review the rest of the decision.”
Politico first broke the news about the DPC’s fine amount against Instagram. DPC Deputy Commissioner Graham Doyle said the agency plans to release full details on its decision next week. 
Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.