Ireland’s Data Protection Commission said Monday that it fined Instagram owner Meta Platforms Inc. 405 million euros ($402 million) in a long-running investigation into allegedly mishandling data about minors who operated business accounts, which exposes more of their personal data than if they operated a personal account.

The Irish data regulator, which leads privacy enforcement in the EU for Meta and other technology companies with European headquarters in Ireland, affirmed its decision after implementing changes requested by a body representing all bloc privacy regulators and planned to publish it next week.

Meta responded by arguing that the decision is related to old settings that they had updated more than a year ago and that they intend to appeal the fine and its amount. 

Facebook’s Choices Are 'Disastrous’ for Children, Democracy

According to the Facebook whistleblower, Frances Haugen, internal documents she gathered showed negative impacts from the company and urged lawmakers to consider stricter regulations regarding the matter. 

Up until late 2019, Meta called the business users’ contact information display a default setting, but is now an optional one, adding that users under the age of 18 now have their accounts set automatically to private upon signing up, alongside other new safety features. 

The decision hits sensitive areas for social media platforms as the company focuses on the issue of children, as it targets their handling of minors on their services. Following articles published by The Wall Street Journal citing the company's internal research, Instagram faced criticism and investigations for being harmful to teenage girls with body-image concerns, and the company later paused the development of an Instagram kids app.

California lawmakers passed a bill last week requiring social-media app makers like TikTok and Instagram when designing to take into consideration the mental and physical health of minors, but it has yet to become signed into law. 

The Instagram fine amounts to approximately 1% of Meta’s net income for 2021 but might forecast potential EU privacy decisions with more significant impacts to force changes to the practice of data collection by big tech companies if confirmed in court appeals, which could have effects on the broader digital advertising and social-media sectors.

Ireland already has 37 other pending privacy cases involving big tech companies, which include a case investigating whether Meta has the right to collect certain information about its users as a condition of using the service and whether some of the standard digital-ad auctions comply with EU law.

Another case led by Ireland could potentially order Facebook to stop sending data about its users to servers in the US, but Meta said in securities filings that if enforced before the EU and the US figure out a new legal route for data transfers, it could suspend some of its services in Europe.

The privacy cases come at the same time EU regulators have been aggressive in enforcing its General Data Protection Regulation after complaints from privacy activists that regulators in Ireland have been too slow at doing the job. Regulators, under the law, have the right to join in on cases that stretch across borders, and they have been taking advantage of that right for additional charges and larger fines in recent decisions.

Last year, Luxembourg fined Amazon.com Inc. 746 million euros and Ireland fined WhatsApp 225 million euros for alleged privacy violations, with both companies opposing the decisions and saying they would appeal.