Instagram has had its fair share of controversy when it comes to its privacy practices. Now, the European Union has taken notice. Allegedly, Instagram had recently allowed business accounts to minors as young as 13 years old. This has opened the door for the exposition of their personal information. However, according to EU privacy laws this practice is illegal. It could result in large fines for Instagram’s parent company, Facebook.
The Data Protection Commissioner (DPC) in Ireland initiated the charges. Facebook will be examined to see whether it has the right to process children’s personal information.
Data privacy concerns
Deputy Commissioner Graham Doyle believes the concerns may be well justified. “Instagram is a social media platform which is used widely by children in Ireland and across Europe,” he said. “The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination.”
Data Scientist David Stiers has suggested that this has been taking place since the beginning of last year. Instagram business accounts require email addresses and phone numbers of their users to be publicly displayed. This option was made available to minors with the potential to be abused.
This has unfortunately resulted in the widespread dissemination of minors’ personal information across the social network. Hackers are already taking advantage of this information to scrape the data from the HTML code for a database of millions of users.
Compliance with EU privacy regulations
As for Facebook, it rejects any claims of wrongdoing. “We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they share would be publicly displayed,” a spokesperson told BBC reporters. “That’s very different to exposing people’s information.”
Regardless of the claims against it, Facebook is taking steps to avoid any further accusations or doxxing of personal information by removing the embedded contact information from Instagram’s source code. It’s also allowing users to opt out of including contact information.
Overall, the DPC’s charges against Facebook are a test on its adherence to EU privacy regulations. The EU has taken a special interest in the privacy of its citizens, and for the past few years has been campaigning for increased privacy regulations online.
Facebook is not the first company to come under scrutiny from European legislators. Google has already faced numerous challenges and fines as a result of the evolving legislation. If Facebook fails to comply with the data protection measures, it could face fines as high as four percent of its total annual revenue.