Data Breach: EU investigates Instagram over privacy concerns

*Regulators are concerned that children’s e-mail addresses, phone numbers may have been displayed publicly

*Facebook, Instagram’s owner, could face a fine of as much as 4 percent of its annual worldwide revenue if the app is found to have broken privacy laws

Alexander Davis | ConsumerConnect

Europe’s lead regulator is investigating Instagram over the way the tech giant handles children’s personal information in the cyberspace.

The probe, which is being carried out by Ireland’s Data Protection Commissioner (DPC), was launched in response to reports that Instagram offered business accounts to kids as young as 13 years old, says BBC.

Regulators are concerned that children’s e-mail addresses and phone numbers may have been displayed publicly.

DPC Deputy Commissioner Graham Doyle said: “Instagram is a social media platform which is used widely by children in Ireland and across Europe,”

“The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination.”

The DBC is looking into whether Instagram sufficiently protects personal data of children and whether it has restrictions in place to prevent exposure of that data. Facebook, Instagram’s owner, could face a fine of as much as four percent of its annual worldwide revenue if the app is found to have broken privacy laws.

As regards privacy concerns, the current probe stems from a 2019 complaint from David Stier, a data scientist who claimed that his analysis showed that Instagram offered “millions” of minors the option to change their profiles into business accounts in exchange for analytics information.

Report stated that the offer raises privacy concerns because switching to a business account requires the owner to display their phone numbers and email addresses publicly in the app.

The information was also contained in the HTML source code of web pages, meaning it could be “scraped” by hackers.

Stier, in a blog post, reportedly accused Instagram of refusing to mask users’ e-mail addresses and of not assigning an anonymized phone number, which “runs counter to the practice of nearly every website and app today.”

However, Facebook rejects such claims, as the tech giant’s Spokesperson told the BBC Monday, October 19, that it’s cooperating with the DBC, but it stated that Stier’s claims are based on a misunderstanding of its systems.

It stated: “We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed.

“That’s very different to exposing people’s information.”

Facebook said it no longer embeds contact information in the source code of Instagram pages and that it has since added the option for users to opt out of including their contact information.

“We’ve also made several updates to business accounts since the time of Mr Stier’s mischaracterisation in 2019, and people can now opt out of including their contact information entirely.”

Kindly Share This Story