Instagram is being investigated by Ireland’s Data Protection Commissioner (DPC) following alleged concerns over how they may handle children’s data.
The DPC is investigating whether Instagram (owned by Facebook) has employed adequate protections and restrictions for children on the app, and are looking into how they process children’s personal data.
Instagram has reportedly taken preventative steps to desist the exposing of children’s data. However, Instagram/Facebook could have still allegedly broken the GDPR because of the potential for under-18’s phone numbers and email addresses being displayed publicly online, it has been alleged.
Instagram’s handling of children’s data – investigation
The investigation comes after US data scientist, David Stier, reportedly complained about Instagram’s alleged handling of personal data, following his own investigation. Stier is understood to have analysed 200,000 Instagram profiles from around the world and estimated that, for at least a year, 60 million users under the age of 18 could easily change their profiles to business accounts.
When choosing the option to change your Instagram profile into a business profile, the platform appears to allow personal information to be easily accessed. To create a business profile, it is understood that you must display your email address and telephone number to the public. This is understood to mean that a child’s personal information could, in theory, be displayed freely to other Instagram users. The same information is also said to have been displayed in the HTML code of Instagram profiles when accessed on a desktop rather than the app.
A spokeswoman for Facebook defended the accusations, saying: ‘We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed. That’s very different to exposing people’s information.’
Following the accusations, Instagram is understood to have made updates to business accounts that mean no personal information needs to be displayed at all.
The GDPR for handling children’s data
The General Data Protection Regulations (GDPR) state that, when handling children’s data, companies should:
- Design processing so that it provides sufficient protection for children;
- Put in place proportionate measures to prevent or deter children from providing their personal data;
- Take appropriate actions to enforce any age restrictions you have set;
- Implement up-front age verification systems
The GDPR also states explicitly that specific protection is required where children’s personal data is used for marketing purposes or for creating personality or user profiles.
This highlights the issue of any platform potentially allowing children’s data to be displayed publicly. Email addresses and telephone numbers of under 18’s is personal information that should be protected by the applicable platform.
The Data Leak Lawyers
Your Lawyers – T/A The Data Leak Lawyers – is a specialist data breach law firm that has recovered millions of pounds for thousands of claimants across multiple case types and actions. We have lots of experience fighting for justice for victims of data breaches, hacks and leaks, and we could help you too.
If you have been a victim of any data breach, do not hesitate to get in touch with our team today. Our lawyers can offer No Win, No Fee representation for eligible claimants meaning that, if you don’t win your claim, we can waive our legal fees, subject to the terms and conditions of the agreement.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on November 05, 2020
Posted in the following categories: Cybersecurity Data GDPR Latest Security and tagged with cybersecurity | data controllers | data leak | gdpr | online security | personal data | social media data breaches