Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has been ranked the most heavily fined social media company under the European Union’s General Data Protection Regulation (GDPR), according to a new report by cybersecurity firm Surfshark.
The report reveals that Meta has €2.7 billion in fines from the collective €3.9 billion for GDPR violations, which was allocated to the ten most popular social media platforms by monthly active users, as half of them are Facebook, Instagram, TikTok, LinkedIn, and X.
These enforcement actions, as stated by the report, are primarily for violations tied to the misuse of personal data, including that of children.
Read also: Nigeria calls Meta’s bluff, says exit won’t make issues go away
The report stated that Instagram alone was fined €405 million in 2022 after it was discovered that business accounts created by children were set to public by default, exposing sensitive information without proper consent.
Facebook followed with a €251 million penalty in late 2024 due to a data breach that also compromised the personal data of minors. LinkedIn and X have each received a single GDPR fine of €310 million and €450,000, respectively.
TikTok has also been under intense scrutiny, incurring three fines related to child data misuse, totalling €360 million. With the latest fine issued in 2025, TikTok’s total GDPR-related penalties now stand at €890 million.
The EU’s enforcement of GDPR has intensified in recent years, especially as platforms expand their reach and collect increasing amounts of user data. However, the five other major platforms, YouTube, Snapchat, Pinterest, Reddit, and Threads, have not been fined.
