Irish regulators have fined Instagram €405m for violating children's privacy.
The long-running complaint concerned children's data - particularly their phone numbers and email addresses.
Instagram's owner, Meta, said it planned to appeal against the decision. It is the third fine handed to the company by the regulator.
"We adopted our final decision last Friday and it does contain a fine of €405m [£349m]," Ireland's Data Protection Commissioner (DPC) said.
A Meta official told BBC News: "This inquiry focused on old settings that we updated over a year ago and we've since released many new features to help keep teens safe and their information private.
"Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post and adults can't message teens who don't follow them.
"We're continuing to carefully review the rest of the decision."
The DPC regulates large technology companies with European headquarters in the Republic of Ireland.
It has never given such a large fine for a breach of the European Union's General Data Protection Regulation.
But last year, it fined WhatsApp €225m, while Luxembourg's data authority fined Amazon a record €746m.
National Society for the Prevention of Cruelty to Children (NSPCC) child-safety-online policy head Andy Burrows said of Instagram's fine: "This was a major breach that had significant safeguarding implications and the potential to cause real harm to children using Instagram.
"The ruling demonstrates how effective enforcement can protect children on social media and underlines how regulation is already making children safer online.
"It's now over to the new prime minister to keep the promise to give children the strongest possible protections by delivering the Online Safety Bill in full and without delay."