What is Personal Data?
In this day and age, with the development of technology, the processing of personal data has become quite common. As explained in the justification of the Law on the Protection of Personal Data, personal data means “any information relating to an identified or identifiable natural person”. All kinds of data that make the person identifiable such as; name, phone number, license plate, image and sound recordings can be evaluated within this scope. The privacy of individuals and the privacy of the private life are protected by various legal regulations around the world. The processing of the personal data without the consent of the person is also prevented. In Turkey, a paragraph was added to the 20th article of the Constitution in 2010. This paragraph puts “everyone’s right to demand the protection of their personal data” under constitutional protection. In September 2022, the Irish Data Protection Commission imposed a remarkable fine of 405 million Euros on Instagram, once again reminding the importance of personal data in today’s world.
Content of the Fine Imposed by the Irish Data Protection Commission
Social media platforms have been an inseparable part of our lives for many years, enabling people to produce and share content. Along with the recognition of the right to protection of personal data, many social media platforms have been faced with various sanctions in recent years.
Instagram is a social media platform that has been used for over 10 years. This high amount of fine constitutes a concrete example of the sanctions within the scope of the protection of personal data.
In September 2022, the Data Protection Commission (DPC) in Ireland fined Instagram €405 million for violating the General Data Protection Regulation (GDPR). The content of the violation consists of violating the privacy of children and their data. It is known that the Data Protection Commission has been continuing this investigation for two years. The scope of the investigation is how the personal data of users between the ages of 13 and 17 are handled. It has been determined that children in this age convert their accounts into business accounts, in order to access analysis tools and view their interactions with other users and the number of people visiting their profiles. People in this age group do not know the consequences of their actions to access this information. The data of an account that turns into a business account becomes publicly available, including phone numbers.
Children should be considered as vulnerable persons. For this reason, Instagram is responsible for observing their right to data protection and taking the necessary measures. According the Data Protection Commission decision, Instagram is liable for not interfering with children’s email addresses and phone numbers becoming public.
Meta Announces That They Are Going to Appeal the Decision
Meta (formerly Facebook Inc.), the owner of Instagram in addition to Facebook and WhatsApp, has its European headquarters in Dublin. Therefore, it is within the jurisdiction of the Irish Data Protection Commission jurisdiction. The Commission regulates many technology companies headquartered in Ireland. Meta has announced that they are planning to appeal the penalty.
The company claims that this investigation is based on old settings that were improved over a year ago and updated repeatedly. In addition, it has been announced that many new features have been introduced by the company in order to keep the data of the children safe. The penalty at issue is the second largest penalty imposed by the European Union under data privacy, after the 746-million-euro penalty imposed on Amazon by the Data Protection Commission in Luxembourg.