A look at the relevant Irish Law in respect of data breaches and GDPR breaches.
Taken from independent.ie
The Irish Data Protection Commission (DPC) says that it has fined Instagram €405m for breaching the privacy rights of children.
It’s the DPC’s biggest fine so far, and the second substantial fine imposed on Meta, after a €225m fine imposed on Whatsapp last year. A €17m fine on Facebook was also imposed by the Irish regulator more recently.
“We adopted our final decision last Friday and it does contain a fine of €405 million,” said a DPC spokesperson. “Full details of the decision will be published next week.”
The €405m fine is the result of a consultation process with other European data regulators. A spokesperson described the Irish DPC decision as “significant” as it is the first to deal with children’s private information.
“This Inquiry was commenced on 21 September 2020 on foot of information provided to the DPC by a third party, and in connection with processing identified by the DPC itself,” the spokesperson said.
The scope of inquiry focused on Facebook allowing child users between the ages of 13 and 17 to operate ‘business accounts’ on the Instagram platform.
"At certain times, the operation of such accounts required and facilitated the publication, to the world-at-large, the child user’s phone number and/or email address,” said the spokesperson.
At other times, Facebook operated a user registration system for the Instagram service whereby the accounts of child users were set to ‘public’ by default, thereby making public the social media content of child users, unless the account was otherwise set to ‘private’ by changing the account privacy settings.
Meta has not yet commented on the fine.