Meta is feeling the wrath of the 2018 General Data Protection Regulation (GDPR). A leaked draft of an Irish Data Protection Commission (IDPC) suit confirms a €405 million fine for the social media giant over Instagram's mishandling of children's data, says TechCrunch. The fine is the second-largest fine ever levied under the GDPR (the first being Amazon's €746 million fine from last year), and Meta's biggest penalty to date, explains Politico. 

• The IDPC's suit against Instagram centered on how children's data was used through business accounts, and that children's accounts were defaulted to public rather than private, TechCrunch details. 

• “This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private,” a Meta spokesperson told Politico, adding that they are “carefully reviewing” the IDPC's decision.

• The IDPC currently has six other cases against Meta under investigation.

TikTok's Mirror

Instagram isn't the only app allegedly mishandling children's data. According to TechCrunch, the IDPC opened an investigation into TikTok for nearly identical reasons, last year, and has a separate investigation going over how TikTok transfers user data to China and whether the process complies with the GDPR's standards for transferring data to an outside country.

The Verdict

It's rare to see the GDPR leveraged, let alone with such a whopping penalty. While Meta has already begun correcting some of the issues in this case, it also serves as a warning to TikTok and other social media platforms to better secure their data.