Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Irish Regulator Investigates Instagram Over Children’s Data

Irish privacy regulators have opened two investigations into Instagram over the social media site’s handling of young people’s personal data.

Irish privacy regulators have opened two investigations into Instagram over the social media site’s handling of young people’s personal data.

Ireland’s Data Protection Commission said it launched the investigations in September after receiving complaints about the company. Facebook, which owns Instagram and has its European headquarters in Ireland, said it’s in “close contact” with the commission and is “cooperating with their inquiries.”

The investigations were first reported late Sunday by Britain’s Daily Telegraph newspaper, which said they came after a U.S. data scientist aired concerns that Instagram made public the email addresses and phone numbers of people under 18. The minimum age to use Instagram is 13.

Data scientist David Stier said last year that his analysis found users, including those under 18, who switched their account types to business accounts also had their contact information displayed on their profile. Users were apparently switching to business accounts in order to see statistics on how many likes their posts were getting, after Instagram started removing the feature from personal accounts in some countries to help with mental health.

Facebook said it updated its business accounts since Stier’s findings and “people can now opt out of including their contact information entirely.”

One investigation will look into whether Facebook has adequate safeguards in place for children and whether it has a legal basis to process their data. The other focuses on whether Instagram’s profile and account settings are appropriate for children and follow strict European Union privacy regulations.

“The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination,” Deputy Commissioner Graham Doyle said in a statement.

Companies can be fined up to 4% of a company’s annual revenue or 20 million euros ($24 million) — whichever is higher — for breaches of the EU’s General Data Protection Regulation.

Related: Irish Regulator Investigates Facebook Over Exposed Passwords

Related: Irish Regulator Probes Google, Tinder Over Data Processing

Related: Facebook Spars With EU Regulator Over Dating App Delay

Related: New Mexico Sues Google Over Collection of Children’s Data

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.