Meta Platforms, Inc. – €405,000,000 Fine (Ireland, 2022)

€405,000,000Data Protection Commission5 September 2022Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Meta was fined EUR 405 million by the Irish Data Protection Commission for not protecting minors' privacy on Instagram. The platform made teenagers' contact information and posts public by default. This matters because it shows the importance of safeguarding young users' data online.

What happened

Meta publicly displayed minors' phone numbers and email addresses on Instagram business accounts and set their accounts to public by default.

Who was affected

Teenagers using Instagram business accounts whose contact information and posts were made public.

What the authority found

The Data Protection Commission found that Meta violated GDPR by not having proper privacy settings for minors' accounts, making their data publicly accessible.

Why this matters

This case highlights the need for companies to prioritize the privacy of young users and ensure default settings protect their data. It also shows that regulators are willing to impose significant fines for privacy breaches involving minors.

GDPR Articles Cited

AI-verified

Art. 24 GDPR
Art. 35 GDPR
Art. 5(1)(a) GDPR
Art. 6(1) GDPR
Art. 12(1) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
c) GDPR
Art. 6(1) GDPR
Art. 12(1) GDPR
Art. 24 GDPR
Art. 25(1) GDPR
(2) GDPR
Art. 35 GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
verified correct
Ireland enforcementData Protection Commission actionsAll Meta Platforms, Inc. actions
Full Legal Summary
Detailed

The Irish DPA (DPC) has imposed a fine of EUR 405,000,000 on Meta Platforms, Inc. (Instagram). Following the investigation, the DPC submitted a draft decision under Art. 60 GDPR to other European supervisory authorities concerned. The initial draft proposed a fine of EUR 30-50 million. The DPC subsequently received objections from six supervisory authorities, which led to a dispute resolution procedure at the European Data Protection Board (EDPB) in Brussels. In its decision, the EDPB requested the DPC to increase the proposed fine. The DPC's investigation revealed that on Instagram business accounts of minors, their cell phone numbers and email addresses were publicly displayed. In addition, the settings for the underage users' accounts were set to 'public' by default , making their social media content publicly viewable unless they changed the account settings. The breach potentially affects millions of teenagers.

Related Enforcement Actions (0)

No other enforcement actions found for Meta Platforms, Inc. in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

5 September 2022

Authority

Data Protection Commission

Fine Amount

€405,000,000

Enforcement Tracker ID

ETid-1373

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Meta Platforms, Inc. - Ireland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: