EC Found that Meta Breached DSA in Child Protection

The European Commission has found that Meta Platforms breached the Digital Services Act (DSA). The preliminary ruling claims that the company failed to prevent children aged under 13 years from accessing Instagram and Facebook.

The EC stated that an investigation commenced in 2024 found Meta failed to diligently identify, assess, and mitigate the risks of children using its services. Meta now has the opportunity to respond to the EC’s ruling and take measures to remedy the breaches. If the concerns are not addressed, the EC could hit the company with a fine of as much as 6% of its annual global revenue.

Despite Meta’s terms and conditions setting the minimum age to access Instagram and Facebook at 13 years, the EC stated the company’s enforcement measures appear ineffective. It also has not adequately put a process in place to identify or remove children if they gain access. The EC found that children aged less than 13 years can create an account using a false birth date, with no effective controls in place to check if it is correct.

It claims that Meta’s tools for reporting children on its sites are difficult to use and not effective, and that there is no proper follow-up process once a report is lodged, leaving the child able to continue using the company’s services. As a result, the EC said children are being exposed to age-inappropriate experiences.

The EC pointed to evidence across the EU showing that roughly 10% to 12% of children under 13 years old are accessing Instagram and Facebook. It stated that Instagram and Facebook must change their risk assessment methodology, strengthen measures to prevent, detect, and remove children, and counter and mitigate risks of what content they could find on their platforms.