Illustration by Alex Castro / The Verge

Ireland's Data Protection Commission fined Meta 405 million after an investigation into how it handled teens' data. The decision and fine were finalized last Friday and will be published next week.

The deadline for the DPC to make a decision was this week. The investigation began almost two years ago and focused on two ways in which the company may have broken the rules. The contact information of young users who set up business accounts on the platform was made public. Users switch to business accounts because they get access to more engagement data. The accounts of some young people were made public.

The privacy policy of the messaging service was ordered to be changed. There was a much smaller fine for record-keeping issues. Dozens of other investigations are underway against Big Tech companies.

This is the third and largest fine the DPC has imposed on Meta

Meta said in a statement that it updated the public-by-default setting more than a year ago, and that anyone under 18 automatically has their account set to private when they joinInstagram, so only people they know can see what they post. The company told the AP that it disagrees with how the fine was calculated.

The way Meta handles the online experience if its youngest users has been under a lot of scrutiny in the last couple of years, thanks in part to Frances Haugen's testimony about the effects of social media. More products for those young users have been met with a lot of backlash. Adam Mosseri said last year that he believed parents would prefer an age-appropriate version of the app over the alternative. He promised to work with regulators and Meta cooperated with the DPC.