Christ, that type of penalty has no bearing of actual damages. They kept the data longer than another party thought was needed. The actual damage was minimal. They have a robust set of controls and are one of the better tech companies to work with in regards to child protection. A whole hell of a lot more than these lemmy instances doing literally nothing to protect childrens data.