Ireland’s Data Protection Commission (DPC) is investigating Facebook-owned Instagram over its practices in handling personal data of children on the platform. According to the complaints received by the regulator, Instagram allows users to easily change their personal accounts to business accounts, which in turn exposed their email address and contact information.
The DPC is reportedly conducting two separate inquires over the situation. As reported by The Telegraph, the first investigation will focus on Instagram’s account settings, while the other is dedicated to the availability of contact details on business accounts.
“The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children’s personal data on Instagram which require further examination,” Graham Doyle, a deputy commissioner with DPC told The Telegraph.
The privacy concern was first brought to attention when a US data scientist named David Stier conducted an analysis of over 200,000 Instagram accounts across multiple countries. According to Stier, the company even added contact information in the code of the web version of Instagram until last year.
Having a business account provides access to a few additional insights and analytics of posts, but users, especially children, might not be aware that switching to a business account publicly shows the e-mail and contact information on their Instagram profile.
Instagram, however, has changed its approach with business accounts since then and it now requires users to opt-in for revealing their contact information. If the regulator is satisfied with the proposed privacy concerns, it has the power to levy fines up to 4 percent of the brand’s global revenue or up to 20 million euros.