Regulators in the Republic of Ireland reportedly slapped a €405 million fine on Instagram parent Meta Platforms for alleged violations of rules related to handling teenagers’ data.

The fine from the country’s Data Protection Commission (DPC) was reported by multiple news outlets, with UK newspaper The Guardian stating it was for allowing users aged between 13 and 17 to set up business accounts publicly displaying email addresses and phone numbers.

Instagram’s policy apparently contravenes European Union general data protection rules (GDPR). Imposition of the fine follows a two year investigation by the regulator, which also reportedly uncovered a policy where teenagers could open accounts which were set to public by default.

Reuters reported the company plans to appeal the decision, noting it disagreed with how the fine was calculated. A Meta Platforms representative told the news publication it had various features in place to keep children safe on Instagram.

The results of its investigation and detail of the fine are expected to be published in full by the DPC next week. The regulator holds sway because Meta Platforms’ European operations are headquartered in the nation.