Over the last five years of GDPR, the most popular social media platforms (Facebook, Instagram, TikTok, Whatsapp, and X, formerly Twitter) were fined over €2.9B for GDPR breaches, of which €765M was for inadequate protection of children’s data, a study by Surfshark shows.

Says Agneska Sablovskaja, Lead Researcher at Surfshark:

“Half of the most popular social media platforms examined have received GDPR fines from European data protection authorities, with a third of these fines linked to privacy issues concerning children.

“Such penalties demonstrate the imperative to hold major social media players accountable for their data handling practices, ensuring that the privacy and safety of all users, especially children, is given the utmost consideration and care.”

Key insights: Out of the top 10 investigated social media platforms, half were fined by European data protection authorities. In total, there have been 13 fines levied on these platforms, totaling €2.9B. Meta-owned social media products (Facebook, Instagram, Whatsapp) feature prominently amongst platforms that have received fines under GDPR, adding up to €2.6B. TikTok received the third highest amount in fines (€360M), while X (formerly Twitter) received the lowest and only one fine in late 2020, totaling €450k. A third of all fines handed out to social media platforms are related to mishandling children’s data. Three of these were given to TikTok (€360M), and one was received by Instagram (€405M).



These cases include issues like unclear privacy policies, setting accounts to public by default, and failing to enforce age restrictions, underscoring the importance of safeguarding children’s online privacy.

