Ireland’s Data Protection Commissioner (DPC) has decided to fine Instagram 405 million Euro or $402 million for violating the General Data Protection Regulation (GDPR) by incorrectly handling data of children active on the platform. Instagram’s parent company Meta has already announced to appeal the decision. Even though it might seem like a considerable sum, it’s not the most significant amount of money a company had to pay in the history of the GDPR.
As our chart shows, that questionable honor goes to Amazon, another member of GAFAM. In July of 2021, Luxembourg’s data watchdog issued the European branch of the multi-billion dollar tech firm a fine of roughly $740 million in current prices for the “non-compliance with general data processing principles” according to the GDPR Enforcement Tracker by CMS Law. The third place on the list of highest fines goes to WhatsApp, followed by three counts of Google violating the GDPR, Facebook and Swedish fashion company H&M.
The regulatory framework of the GDPR aims to give users more control over their data – and lays the groundwork for fining companies offering their services in the EU for breaching its articles. The GDPR was instated on May 25th, 2018 as a replacement for the EU’s Data Protection Directive from 1995, encompassing 99 articles. So far, the GDPR Enforcement Tracker lists 1,372 individual breaches of the GDPR, although the data is most likely incomplete since not all fines are made public.