Social media marketing and messaging has become a high-risk activity in the GDPR era, with the most popular platforms – Facebook, Instagram, TikTok, WhatsApp, and X – being slapped with fines totalling over €2.9bn (£2.5bn) since the regulation came into force in May 2018.
That is according to a new analysis by online security firm Surfshark, which reveals that, out of the top 10 investigated social media platforms, half were fined by European data protection authorities. In total, there have been 13 fines levied on these platforms, reaching €2.9bn.
Meta-owned social media brands (Facebook, Instagram, WhatsApp) feature prominently among the platforms that have received GDPR penalties, adding up to €2.6bn. TikTok received the third highest amount in fines (€360m), while X (formerly Twitter) received the lowest, with only one fine in late 2020 of €450,000.
A third of all fines handed out to social media platforms are related to mishandling children’s data; three to TikTok, totalling €360m, and one for Instagram of €405m.
These cases include issues like unclear privacy policies, setting accounts to public by default, and failing to enforce age restrictions, underscoring the importance of safeguarding children’s online privacy.
Surfshark lead researcher Agneska Sablovskaja said: “These penalties demonstrate the imperative to hold major social media players accountable for their data handling practices, ensuring that the privacy and safety of all users, especially children, is given the utmost consideration and care.”
TikTok insists ‘we’ve changed’ following €345m EU fine
Meta rocked by EU data transfer block and €1.2bn fine
Meta bows to GDPR ruling to block personalised ads
Privacy group vows to ensure that WhatsApp coughs up
Irish up WhatsApp fine 350% to €225m after EDPB call
TikTok whacked with £12.7m fine for UK privacy failings