Irish data regulator probes Instagram use of child data

DUBLIN Ireland’s data protection agency is investigating Instagram following concerns over how the image-sharing social platform handles children’s personal data, a spokesman said yesterday.

The Data Protection Commission (DPC) has begun two probes into how the US firm — owned by Facebook — manages the personal data of those under 18s.

The first will “establish whether Facebook has a legal basis for the ongoing processing of children’s personal data and if it employs adequate protections,” a DPC statement said.

The second will test the “appropriateness” of Instagram profile and account settings for children, and examine the firm’s “responsibility to protect the data protection rights of children as vulnerable persons”.

The twin inquiries were sparked by complaints that “identified potential concerns…which require further examination”, the DPC said.

Both investigations are being conducted under the General Data Protection Regulation (GDPR) — the European Union (EU) charter of data rights which came into effect in May 2018.

It gives data regulators the power to impose stiff fines of up to €20 million (RM98 million) or 4% of the violating firm’s global revenue — whichever figure is higher.

Because Facebook maintains its European headquarters in Dublin, it falls to Ireland’s DPC (IDPC) to enforce GDPR and regulate the social media titan but its findings are coordinated with other data authorities in the EU.

A Facebook spokesperson said Instagram was “in close contact with the IDPC and we’re cooperating with their inquiries”.

The spokesperson added that the firm had made several updates to business accounts since 2019, allowing people to opt-out of including their contact information entirely.

“We’ve always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed.

“That’s very different to exposing people’s information.” — AFP