Ireland's Data Protection Commission (DPC), the supervisory authority for EU's General Data Protection Regulation (GDPR), has launched inquiries into Instagram after concerns were raised about its handling of children's personal data. If the social network is found to have broken privacy laws, Facebook, which owns Instagram, could face hefty fines.
Complainants allege that Instagram made contact information on business accounts publicly visible to anyone using the app. Last year, David Stier, a U.S. data scientist, analyzed profiles of roughly 200,000 users on the app and estimated that each year, at least 60 million users under the age of 18 were given the option to turn their profiles into business accounts. Since business accounts on the app necessitate that users display their phone numbers and email addresses publicly, their contact information is visible to other users.
The Irish regulator is probing whether Facebook has enough protections and restrictions in place to protect children's personal data. Additionally, it is investigating whether the Menlo Park firm has complied with the GDPR requirements in relation to the matter at hand. Graham Doyle, a deputy commissioner at DPC, stated:
"The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children's personal data on Instagram which require further examination."
According to the new regulations in place, regulators may issue fines for violations up to four percent of a company's global revenue or $22 million, whichever is higher.