Türkiye fines Meta nearly $330K over child privacy violations on Instagram
This photograph taken on October 28, 2021 shows the Meta logo on a laptop screen in Moscow. (AFP Photo)
The Turkish Personal Data Protection Authority (KVKK) has imposed an ₺11.5 million ($329,819.94) fine on Meta, Instagram’s parent company, for violating privacy rules related to child accounts.
The decision follows an investigation into the platform’s handling of private accounts created by users under the age of 18.
Investigation reveals privacy violations
KVKK initiated an investigation after allegations surfaced that private Instagram accounts belonging to minors were being converted into business accounts, exposing personal information such as email addresses and phone numbers.
The authority determined that these changes made children’s personal data publicly accessible, compromising their privacy and security.
The investigation found that:
- Personal data such as email addresses and phone numbers of minors were embedded in Instagram’s HTML source code, making them easily retrievable.
- This oversight increased the risk of children being exposed to online threats.
- Meta failed to implement adequate technical measures to protect children’s data.
Details of fine
KVKK concluded that Meta had not taken sufficient steps to safeguard user data and imposed fines for two key reasons:
- Data security failures: A ₺2.5 million fine was levied for not ensuring technical and administrative safeguards to protect personal data and for failing to meet notification obligations under Türkiye’s data protection laws.
- Inadequate measures for child accounts: A ₺9 million penalty was issued for allowing private accounts created by minors to be switched to business accounts without age verification or parental consent.
Wider implications for Meta in Türkiye
With over 50 million users in Türkiye, Meta faces increasing scrutiny from local regulators.
