An Irish data privacy regulator has launched two investigations into Instagram over its practices in handling the personal data of children on its platform.
Ireland’s Data Protection Commission (DPC) has launched two investigations into Instagram over its practices in handling the personal data of children on its platform.
According to the complaints received by the main data privacy regulator of EU, the Facebook-owned social media giant has been allowing its users to easily change their personal accounts to business accounts.
As a result, US-based data scientist David Stier said that this has exposed the email addresses and contact information of nearly five million children.
Stier warned that these personal details could be accessed by notorious hackers for large-scale data collection when using the web interface of the platform.
Deputy Commissioner Graham Doyle said DPC has launched two separate inquiries over the situation in September.
“The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination,” Doyle said in a statement.
“This inquiry will also consider whether Facebook meets its obligations as a data controller with regard to transparency requirements in its provision of Instagram to children,” he added.
A spokesperson for Facebook said that the platform has not failed in making its users aware that their contact information would be displayed publicly when they switch their account types into business accounts on Instagram.
“We’re in close contact with the IDPC and we’re cooperating with their inquiries,” the spokesperson added.
A company that would be proven to have violated the EU’s General Data Protection Regulation could be fined 20 million euros ($24 million) or up to 4% of its annual revenue.