Not too little, but still too late
Issue #56
If you ask most people, 405 million Euros is a lot of money. That’s about 403 million USD—a positively massive amount of money for the vast majority of us. I bet 405 million Euros is even noticeable to Meta, the company that owns Facebook, Instagram and WhatsApp. After all, it’s almost half a billion dollars. And, that’s the amount of money that Meta is on the hook for after Ireland’s Data Protection Commission fined the company for violating children’s privacy.
Today, I want to talk a bit about this fine, because these kinds of financial penalties are one of the main ways that regulators try to keep big tech companies in check. Many large tech companies, including Meta, TikTok and YouTube have been fined before, but historically, the fines are too little too late. This latest 405 million Euro penalty might be an amount that will get Meta’s attention, which is a move in the right direction. But even so, the fine still comes too late.
It all started more than two years ago when Ireland’s Data Protection Commission opened an investigation into the default settings for business accounts on Instagram. These accounts would publish phone numbers and email addresses automatically, regardless of the age of the person behind the handle. Apparently, more than 60 million users under the age of 18 switched from a personal IG account to a business account, partly motivated by the ability to see stats like how many people had visited their profiles or viewed individual posts. Many of these younger users weren’t aware that the switch to a business account would publish their information by default.
These default settings meant that many, many users between the ages of 13 to 18 had their information made public. It also meant that adults they didn’t know could contact them. A spokesperson from Meta says that the ruling focuses on old settings that have since been updated and that the company plans to appeal the fine. That’s not surprising, since this is the largest fine ever for Meta—and the second largest in the EU after a 746 million Euro fine against Amazon last year for violating the General Data Protection Regulation.
The amount of the fine is significant because it’s larger than what we’ve seen in the past. Consider the fine TikTok paid for violating children’s privacy on its platform: $5.7 million USD. Even the record-setting $170 million USD fine against YouTube starts to look small when compared to 405 million Euros. Arguably, regulators are at least getting closer to a consequential number.
While that is cause for optimism, larger fines on their own aren’t enough to protect our children online. That’s because Instagram has still reaped the benefits of building its business off of younger users, questionable practices and privacy violations. And even as the fines increase, they still aren’t preventing this kind of behavior in the first place. The penalty still only comes after the damage is arguably already done.
When companies are incentivized to grow at all costs, and regulators can’t dole out harsh enough consequences to compel them to respect our children’s privacy, the onus falls on parents. We’re tasked with keeping our kids safe—and that can feel like an impossible feat on top of all the other things we have on the go. What we really need are platforms that care about our kids’ wellbeing from the outset. And we need companies that don’t trade our children’s privacy for the sake of profits.
A deeper dive
Here are a few helpful resources in case you want to really dig into today's topic:
This latest fine is the third fine against Meta in the past two years. As the New York Times, explains, “[l]ast year, regulators fined Meta 225 million euros for violations related to the messaging service WhatsApp. In March, the authorities fined the company 17 million euros over a data breach.”
Lots of experts are skeptical that fines can ever truly deter companies from violating regulations. Tech Monitor recently took a look at this debate where it concerns anti-competitive regulations rather than privacy regulations, and here’s what they found: “[s]ome argue that despite their low value compared with the tech giants’ profits, fines apply pressure for reform. Others say competition law is entirely incapable of breaking digital monopolies, and radically new approaches are needed.”
TL;DR
Too long; didn't read. It shouldn't be a full-time job to keep up on industry news, so here is a mercifully quick summary of some other notable developments:
If you’ve been following along the last few weeks, you’ll be familiar with the argument that tech platforms where you can hide or edit messages can be dangerous for children. That’s because it gives bad actors ways to hide bad actions when they’re communicating with children. The latest messenger to add this feature is iMessage. When you update to iOS 16, you’ll be able to edit messages and unsend them within two minutes.
If you’re opening links in iOS apps for Facebook or TikTok, you might be opening links in a “custom browser.” These custom browsers, which are built by the social platforms, could enable them to collect a lot of data, including your keystrokes. But, there are ways you can get around the custom browsers. “To avoid potential creepiness, open links in Instagram, Facebook, Snap and LinkedIn by opening the link then tapping the three dots in the upper right corner and selecting ‘open in browser.’”
And lastly
Here are a few more pieces of original writing from me and my team—just in case you're keen for more:
I’ve written before that the problem with children’s privacy in the US isn’t a lack of legislation. It’s a lack of enforcement of the legislation. Perhaps after seeing larger fines levied in the EU, we’ll begin to see a similar trend in the States. Anyhow, we can always dream.
Children’s privacy legislation in the US covers children under 13. If you’ve ever wondered why that’s the magic age, check out this piece from my team.