Ireland’s data protection agency is investigating Instagram following concerns over how the image-sharing social platform handles children’s personal data, a spokesman said Monday.
The Data Protection Commission (DPC) has begun two probes into how the US firm — owned by Facebook — manages the personal data of under 18s.
The first will “establish whether Facebook has a legal basis for the ongoing processing of children’s personal data and if it employs adequate protections,” a DPC statement said.
The second will test the “appropriateness” of Instagram profile and account settings for children, and examine the firm’s “responsibility to protect the data protection rights of children as vulnerable persons”.
The twin inquiries were sparked by complaints that “identified potential concerns… which require further examination,” the DPC said.
Both investigations are being conducted under the General Data Protection Regulation (GDPR) — the EU charter of data rights which came into effect in May 2018.
It gives data regulators the power to impose stiff fines of up to 20 million euros ($23.4 million) or four per cent of the violating firm’s global revenue — whichever figure is higher.
Because Facebook maintains its European headquarters in Dublin it falls to Ireland’s DPC to enforce GDPR and regulate the social media titan but its findings are coordinated with other data authorities in the EU.
Facebook did not immediately respond to a request for comment.