The investigation focused on a setting that allowed teenage minors to set up business accounts that displayed contact details.
Ireland's data privacy regulator is slapping Instagram with a fine of €405 million after an investigation found the social media platform mishandled teenagers' personal information in violation of strict European Union data privacy rules.
Instagram plans to appeal against the fine, a spokesperson for parent company Meta Platforms Inc said in an emailed statement.
The investigation, which started in 2020, focused on how Instagram displayed the personal details of users ages 13 to 17, including email addresses and phone numbers. The minimum age for Instagram users is 13.
The investigation began after a data scientist found that users, including those under 18, were switching to business accounts and had their contact information displayed on their profiles.
Users were apparently doing it to see statistics on how many likes their posts were getting after Instagram started removing the feature from personal accounts in some countries to help with mental health.
"We adopted our final decision last Friday and it does contain a fine of €405 million," said the spokesperson for Ireland's Data Protection Commissioner (DPC).
Full details of the decision will be published next week, he said.
The penalty is the second-biggest issued under the EU's general data protection regulation (GDPR) rules after Luxembourg's regulators fined Amazon €746 million last year.
Instagram said it updated its settings over a year ago and has since released new features to keep teens safe and their information private.
The company disagrees with how the fine was calculated and is carefully reviewing the decision, the spokesperson said.
Under the EU's data privacy rules, the Irish watchdog is the lead regulator for Facebook, Apple, Google and other technology giants due to the location of their EU headquarters in Ireland.
It has opened over a dozen investigations into Meta companies, including Facebook and WhatsApp.
Last year, WhatsApp was fined a record €225 million for failing to conform with EU data rules in 2018.
The Irish regulator completed a draft ruling in the Instagram investigation in December and shared it with other European Union regulators under the bloc's "one stop shop" system of regulating large multinationals.