Ireland’s Data Protection Commissioner (DPC) is currently investigating Instagram over charges of mishandling of personal data of children on its platform.
If Instagram is found to have broken privacy laws a large fine could be imposed on the social media app’s owner Facebook.
This announcement of the investigation comes after reports were published about Instagram failing to protect data which included the allowance by the company to make public email addresses and phone numbers of those under 18 y7ears of age.
No comments from Facebook on the development were available.
Ireland is the European headquarters of a number of United States based tech giants and the DPC is the main European Union regulator according to the EU General Data Protection Regulation (GDPR) which was implemented in 2018.
With the power of issuing large fines, protecting individuals’ right to online privacy is the major task of the DPC.
Whether there is any legal basis available with Facebook for processing personal data of children as well as whether the social media company employs adequate protections and restriction to prevent usage of children’s personal data on Instagram is being investigated by the Irish regulator.
With respect to Instagram’s profile and account settings, whether Facebook has adhered with GDPR requirements is also being looked at separately.
Whether Facebook is adequately protecting the data protection rights of children as vulnerable people is also being investigated by the DPC.
The minimum age for having an Instagram account is 13.
“Instagram is a social media platform which is used widely by children in Ireland and across Europe,” said Graham Doyle, a deputy commissioner with DPC.
“The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination.”
Profiles of almost 200,000 Instagram users across the world were analysed by data scientist David Stier in February 2019. According to his findings, the option of easily changing their profiles into business accounts was being offered by Instagram to at least 60 million users under the age of 18 years.
Business accounts on Instagram require users to clearly and publicly display their phone numbers and email addresses which means that other Instagram users can easily view personal data belonging to many users.
The HTML source code of web pages accessed when using Instagram on a computer also contains the sae personal information which meant that such personal information can be “scraped” by hackers.
The findings were reported to Facebook by Stier. He however alleged, in a blog, that Instagram had refused to mask the email addresses and phone numbers displayed in busisness accounts.
But the contact information was agreed to be removed by Facebook from the source code of Instagram pages.
“Do we have a responsibility to keep kids’ phone numbers and emails hidden so that strangers can’t find them just by clicking a button?” wrote Stier. “Speaking as a parent, I want to be assured that the experience Instagram offers to teens is as ‘adult-overseen’ as possible.”
(Adapted from BBC.com)