Instagram, the popular social networking service owned by Facebook, has to respond in front of EU regulators about their handling of children’s data and concerns about putting children at risk for hacking or grooming.
The company is currently facing an investigation led by Ireland’s Data Protection Commissioner (DPC) – the lead European Union regulator under the EU’s General Data Protection Regulation (GDPR) – for allegedly failing to properly handle children’s personal data.
According to The Telegraph, which first reported on the news, the DPC opened a dual investigation. This is in response to claims that the app has put children at risk of grooming or hacking by revealing their contact details.
The first inquiry will focus on Instagram’s account settings and whether the app protects the users’ privacy, especially private information belonging to children. The second investigation will focus on the business account option and whether it is acceptable for it to display children’ contact information.
Graham Doyle, a Deputy Commissioner and Head of Corporate Affairs, Media, and Communications with the Irish Data Protection Commission (DPC) launched the investigation in late September, following a complaint by data scientist David Stier.
“Instagram is a social media platform which is used widely by children in Ireland and across Europe,” the Irish regulator stated.
Graham Doyle – Deputy Commissioner and Head of Corporate Affairs
“The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns about the processing of children’s personal data on Instagram which require further examination.”
To create an Instagram account, the user must be at least 13 years of age. Last year, David Stier estimated that at least 60 million users between the ages of 13 and 18 have been given the option to switch their Instagram profiles to business accounts.
This which said users to publicly display their phone numbers and emails. However, the process does not require any verification and makes sensitive information available to other Instagram users.
So far, Facebook is fully cooperating with the DPC, but rejects Mr. Stier’s claims, as stated by a Facebook spokesperson for the BBC:
“We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed. That’s very different from exposing people’s information.”Facebook
If Instagram is found to have violated Europe’s privacy laws, the social media app could be slapped with a significant fine. GDPR sanctions can equal as much as 4% of a company’s global revenue.
Following David Stier’s accusation from 2019, Instagram has since updated its business account feature. The social media platform made it possible for users to not reveal any of their contact details.