Given that numerous US tech companies have their headquarters in Ireland, they fall under European regulations regarding data protection.
DPC investigates Facebook account data managementThe DPC (Digital Preservation Coalition) is currently investigating if Facebook (Instagram owner) enforces appropriate policies regarding children's accounts, and whether or not it has a legal basis to do so.
At the same time, the EU regulator investigates whether Facebook is GDPR-compliant. This investigation aims to find how Instagram manages account settings and profile visibility.
Currently, you must be at least 13 years old to be eligible for an Instagram account. The investigation will hopefuly shed light on Facebook's ability to safekeep children's data protection rights.
Children account information made availableDuring a 2019 research based on 200,000 Instagram accounts, David Stier has estimated that more than 60 million under-18 users had the opportunity to switch to business accounts.
It's widely-known that Instagram is popular amongst teenagers so regulations were in order regarding data protection for under-18 accounts. As we stated above, some personally-identifiable data is visible on business accounts.
Furthermore, the sensitive information was also available in the pages' HTML source code. This situation would make it possible for hackers to extract and store said info quite easily.
Therefore, it's safe to assume that teenagers who chose to migrate to business accounts made their phone numbers and email addresses public, which is a real reason for concern.
Facebook removed contact info from source codeIn a Medium blog post, David Stier explained how his findings were reported to Facebook. In turn, the social media giant decided to remove the personal info from the HTML source codes of Instagram pages.
However, Facebook reportedly refused to mask phone numbers and email addresses in business accounts.