The commission in Europe responsible for handling Facebook data has decided to investigate Instagram’s methodology of kids’ data handling.
Ireland’s Data Protection Commission (DPC) has decided to go ahead with this investigation almost a year after reports came in, stating that there was an issue in the manner in which Instagram was processing data related to minors. David Stier, a scientist based in the US, expressed concerns last year that data belonging to minors on Instagram was very much accessible, and it was not protected at all.
According to Stier, kids who updated their Instagram account settings to switch over to a business account had their personal data such as email addresses and phone numbers exposed to everyone. Stier had stated that the data of “millions” of kids was at stake since it was very accessible.
Facebook contradicted the issues highlighted by Stier, stating that it is a well-known fact and users are quite well aware of the situation that their data information is made visible to everyone whenever there is a shift from a normal account to a business account on Instagram. People can refrain from projecting their personal information in case they do not want to whenever they decide to move over to a business account.
However, the EU regulator responsible for the data handling on Facebook has stated that it can foresee “potential concerns” in the method in which Instagram is managing kids’ data. According to the Telegraph, the EU regulator has been checking the details in response to the concerns highlighted against Instagram since late last month.
The Irish DPC has affirmed about two new inquiries floating about regarding Instagram’s data-handling methodology related to minors. It also accepted the fact that Instagram is indeed quite famous amongst kids in Ireland and the whole of Europe. It further stated that “The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination.”
According to the regulator, the first investigation will be conducted to examine Facebook’s legal basis to check how the platform handles children’s personal information. It will also be checking if there are appropriate security measures in place when it comes to sensitive data management.
The DPC has given the following statement concerning the first Inquiry:
“The DPC will set out to establish whether Facebook has a legal basis for the ongoing processing of children’s personal data and if it employs adequate protections and or restrictions on the Instagram platform for such children. This Inquiry will also consider whether Facebook meets its obligations as a data controller with regard to transparency requirements in its provision of Instagram to children.”
The second investigation will pay attention to the Instagram profiles of kids as well as their account settings. It went on to say the following regarding the second Inquiry:
“Amongst other matters, this Inquiry will explore Facebook’s adherence with the requirements in the GDPR in respect to Data Protection by Design and Default and specifically in relation to Facebook’s responsibility to protect the data protection rights of children as vulnerable persons.”
In response to the above two inquiries, a spokesperson from Facebook stated the following:
“We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed. That’s very different to exposing people’s information. We’ve also made several updates to business accounts since the time of Mr. Stier’s mischaracterisation in 2019, and people can now opt out of including their contact information entirely. We’re in close contact with the IDPC and we’re cooperating with their inquiries.” Facebook could run into trouble if it is found violating any GDPR code of conduct.
Image source: Techcrunch