Facebook, Instagram’s parent company, is under investigation by Ireland’s Data Protection Commissioner (DPC) for possible data privacy violations, said BBC. The scrutiny stemmed from the photo-sharing platform’s handling of data owned by underaged users.
Reports have been filed regarding Instagram’s lack of protection when it comes to children’s data, including the public exposure of email addresses and phone numbers.
The scrutiny was launched by the DPC after a complaint by data scientist David Stier. In a 2019 research, Stier evaluated around 200,000 Instagram profiles and found that minors can easily switch their accounts into business profiles.
As per Instagram requirements, business profiles should publicly show contact details, which compromises the privacy of underaged users.
In a post, Stier made about this study, the main attraction of switching to business accounts is the analytics that allows users to see engagements and other details about their posts.
Aside from this requirement, Stier found that these personal details appear in Instagram pages’ HTML source codes. This makes the info vulnerable to hackers via scraping. Stier also alleged that hackers were able to acquire the info of 49 million users.
Stier’s post revealed that Facebook denied requests to conceal email addresses and phone numbers for business profiles. However, the company agreed to remove the details from HTML source codes.
The DPC, which serves as the lead regulator in the European Union provided by the 2018 General Data Protection Regulation (GDPR), is in charge of protecting rights to online privacy, the commission can issue hefty fines to organizations proven guilty.
With Instagram being a popular platform among children in Ireland and all over Europe, DPC deputy commissioner Graham Doyle “has been actively monitoring complaints received from individuals in this area.”
Additionally, the organization “has identified potential concerns in relation to the processing of children’s personal details on Instagram which require further examination.”
With the data mishandling reports, the regulator will be looking at the legality of Facebook’s handling of underaged individuals ’ data. Moreover, it will be looking at Instagram’s account and profile settings to see whether it complies with the GDPR’s provisions.
According to BBC, the social media company is working with the DPC but denied the legitimacy of the claims. A Facebook spokesperson also said that Stier’s claims “were based on a misunderstanding of its systems.”
Moreover, the spokesperson said, “We’ve also made several updates to business accounts since the time of Mr. Stier’s mischaracterization in 2019, and people can now opt out of including their contact information entirely.”
