EU investigating Instagram over potential child data breach

Lucy Harley-McKeown
·3 min read
Close up side view young mixed race people sitting in a row with gadgets, discussing new mobile phone apps, watching funny videos, sharing information or contacts, interacting with each other.
The DPC is the EU’s regulator for compliance with General Data Protection Regulation (GDPR). It looks after monitoring the application of that law in the EU and EEA. Photo: Getty

The EU is investigating Instagram’s handling of children’s personal data, in the latest scrutiny concerning tech companies on the continent.

Facebook (FB), the social media app’s owner could face a large fine if it is found to have broken the law.

Ireland’s Data Protection Commissioner (DPC), which came into force in 2018, is looking into complaints that Instagram has made contact information on business accounts publicly available to anyone accessing the app.

The DPC is the EU’s regulator for compliance with General Data Protection Regulation (GDPR). It looks after monitoring the application of that law in the EU and EEA.

Reports by the BBC say that the investigations stem from whether Facebook has a legal basis to process the personal data of children, and if the right protections and restrictions have been applied by the social media company.

Data scientist David Stier estimated in February 2019 that about 60 million Instagram users under the age of 18 were given the option to switch their personal accounts to business profiles. Instagram’s minimum age limit is 13.

Watch: Facebook and Twitter facing backlash after restricting NY Post Hunter Biden story

"Instagram is a social media platform which is used widely by children in Ireland and across Europe," Graham Doyle, a deputy commissioner with DPC told the BBC.

Doyle said that the DPC has been actively monitoring complaints received from individuals. It has identified potential concerns on the processing of children’s personal data on Instagram “which require further examination.”

Facebook is also on the block at the moment for a separate GDPR matter related to Instagram. The regulator is looking into whether Facebook is adequately protecting the data protection rights of children as vulnerable persons.

A Facebook spokesperson said: "We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed. That’s very different to exposing people’s information. We’ve also made several updates to business accounts since the time of Mr Stier's mischaracterisation in 2019, and people can now opt out of including their contact information entirely. We’re in close contact with the IDPC and we’re cooperating with their inquiries.”

Instagram gives information about what contact information might be made available when you convert your account to a business account on the app.

READ MORE: Stocks up on US vaccine hopes this year despite China GDP miss

This is just one of a number of legal challenges Facebook and other “big tech” companies have faced on the continent.

Earlier this year, the EU investigated whether Facebook was distorting the classified advertising market by promoting its free Marketplace service to its users.

Facebook has also said that EU antitrust investigations were invading its employees privacy.

Watch: Why job losses have risen despite the economy reopening