The General Data Protection Regulation (GDPR), an EU privacy regulation, has not only redefined the way organizations handle personal data but has also established a framework for enforcing compliance, including the imposition of fines.
This week, Surfshark’s study looked at the 10 most popular social media platforms by monthly active users and whether they’ve been issued any fines for GDPR violations since the regulation came into effect in 2018.
Meta Fined £1.2bn for GDPR Violation: Implication for User Privacy, Compliance and Reputation
Additionally, the team investigates how many of these fines relate to inadequate protection of children’s data.
Key insights
Out of the top 10 investigated social media platforms, half were fined by European data protection authorities.
In total, there have been 13 fines levied on these platforms (Facebook, Instagram, TikTok, Whatsapp, and X, formerly Twitter), totaling €2.9B.
The remaining 5 social media platforms (YouTube, Snapchat, Pinterest, Reddit, and LinkedIn) did not receive any fines.
Meta-owned social media products (Facebook, Instagram, Whatsapp) feature prominently amongst platforms that have received fines under GDPR, adding up to €2.6 billion.
TikTok received the third highest amount in fines (€360 million), while X (formerly Twitter) received the lowest and only one fine in late 2020, totaling €450k.
Notably, a third (4 out of 13) of all fines handed out to social media platforms are related to mishandling children’s data.
Three of these were given to TikTok (€360M), and one was received by Instagram (€405M). The fines add up to €765M or more than a quarter of the total amount fined to the social media platforms over the 5 years of GDPR.
The first fine related to mishandling children’s data was issued to TikTok in 2021 for failing to have an understandable privacy policy in Dutch.
It was followed by a fine to Instagram in 2022, when business accounts made by children were set to public by default, exposing children’s information without informed consent.
The remaining two fines were issued to TikTok in 2023. The first was for failure to enforce its own policy prohibiting children under 13 from using the platform.
The second — for setting accounts to public by default, exposing children’s data without consent, and for allowing adults to register as parents of child TikTok users without verifying legal guardianship.
[Featured Image Credit]
Comments 3