What Experts Say On EU Investigating Instagram Over Child Data Violations

Ireland’s Data Protection Commissioner is investigating Instagram over how the platform handles personal data of children. If the company has broken any privacy laws, Facebook, the parent company could be liable to pay a huge fine. Recently, reports highlighting Instagram’s inability to protect data gained traction online. According to the reports, Instagram allowed email addresses and phone numbers of minors, or those aged below 18, to become public.

Full story here: https://www.bbc.co.uk/news/business-54594825

Experts Comments

October 20, 2020
Jake Moore
Cybersecurity Specialist
ESET
Fines issued must always represent and match the magnitude of a data breach, if organisations are going to learn from them. In the past, we have far too often seen minimal cash fines that do not equal the risk of compromising data ending up in the wrong hands. Investigations such as this reduce the threat to the people involved, along with their data – which, in turn, reduces knock-on cyberattacks. Social networks store masses of personal data, which must be treated with the respect it.....Read More
Fines issued must always represent and match the magnitude of a data breach, if organisations are going to learn from them. In the past, we have far too often seen minimal cash fines that do not equal the risk of compromising data ending up in the wrong hands. Investigations such as this reduce the threat to the people involved, along with their data – which, in turn, reduces knock-on cyberattacks. Social networks store masses of personal data, which must be treated with the respect it deserves. This is even more important when it comes to protecting children’s data, who make up a vast portion of Instagram’s users. Parents must try and curb the amount of private data their children post online, as many children do not understand the long term risks or how their data could be used in the wrong hands.  Read Less
October 20, 2020
David Kennefick
Product Architect
edgescan
The most important piece of information that will be taken into account here is the trade-off. Children were offered additional analytics on their posts, provided they shared their contact details. The corresponding side of the trade-off is the phone and email contact information becomes public, this public data has already been misused as we have seen from the breach in India from May 2019, so a question needs to be asked: should children have even been given the option to expose their.....Read More
The most important piece of information that will be taken into account here is the trade-off. Children were offered additional analytics on their posts, provided they shared their contact details. The corresponding side of the trade-off is the phone and email contact information becomes public, this public data has already been misused as we have seen from the breach in India from May 2019, so a question needs to be asked: should children have even been given the option to expose their details? In many cases, I’m sure they used correct business-specific contact channels, but naturally, the fear would be many did not. Facebook and Instagram need to crack down on this and make it more difficult for people to expose their data.  Read Less
October 20, 2020
Mark Bower
Senior Vice President
comforte AG
For obvious reasons, children’s data collection and protection have very specific handling in many jurisdictions and called out in GDPR very specifically. While a data protection regulator is no substitute for parenting and education to ensure children begin to understand how their data is eventually used, vendors have the utmost responsibility for compliance and transparency. In GDPR Article 8, the consent requirements, age limitations, and responsibilities are very clear, especially around.....Read More
For obvious reasons, children’s data collection and protection have very specific handling in many jurisdictions and called out in GDPR very specifically. While a data protection regulator is no substitute for parenting and education to ensure children begin to understand how their data is eventually used, vendors have the utmost responsibility for compliance and transparency. In GDPR Article 8, the consent requirements, age limitations, and responsibilities are very clear, especially around consent. The fact that a data scientist has discovered trivial data exposure of what appears to be vulnerable minors in data collection applications is alarming if true. This is especially a concern given that it is also equally simple these days to de-identify, mask, or secure it and thus there are few excuses not to comply. In a world of attacks, data theft, and misuse, privacy and security has to be a first priority, especially the data of our next generation’s citizens.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts