Instagram makes children data public, gets investigated by EU

Vlad Constantinescu
by Vlad Constantinescu
VPN Expert & Privacy Advocate
0 Comments
Download PDF
Affiliate Disclosure

  • EU investigates Instagram, one of the big social media players, after suspicions that it violated privacy laws.
  • Instagram allowed children accounts to switch to business accounts, which in turn made their phone numbers and email addresses public for everyone to see.
  • Check out our Instagram section for guides on using the social platform and common issue fixes.
  • Visit our Privacy Hub for more fixes, news, guides, and reviews on keeping your digital presence safe.
Instagram investigation

Instagram, one of the big names in social media, is under EU investigation after it reportedly violated privacy laws, BBC reports.

The investigation revolves around Instagram’s decision to make contact info on business accounts widely available to all app users.

Given that numerous US tech companies have their headquarters in Ireland, they fall under European regulations regarding data protection.

DPC investigates Facebook account data management

The DPC (Digital Preservation Coalition) is currently investigating if Facebook (Instagram owner) enforces appropriate policies regarding children’s accounts, and whether or not it has a legal basis to do so.

At the same time, the EU regulator investigates whether Facebook is GDPR-compliant. This investigation aims to find how Instagram manages account settings and profile visibility.

Currently, you must be at least 13 years old to be eligible for an Instagram account. The investigation will hopefuly shed light on Facebook’s ability to safekeep children’s data protection rights.

Children account information made available

During a 2019 research based on 200,000 Instagram accounts, David Stier has estimated that more than 60 million under-18 users had the opportunity to switch to business accounts.

It’s widely-known that Instagram is popular amongst teenagers so regulations were in order regarding data protection for under-18 accounts. As we stated above, some personally-identifiable data is visible on business accounts.

Furthermore, the sensitive information was also available in the pages’ HTML source code. This situation would make it possible for hackers to extract and store said info quite easily.

Therefore, it’s safe to assume that teenagers who chose to migrate to business accounts made their phone numbers and email addresses public, which is a real reason for concern.

Facebook removed contact info from source code

In a Medium blog post, David Stier explained how his findings were reported to Facebook. In turn, the social media giant decided to remove the personal info from the HTML source codes of Instagram pages.

However, Facebook reportedly refused to mask phone numbers and email addresses in business accounts.


Does Instagram’s data handling policies make it less trustworthy for you? Are you okay with Instagram letting children create business accounts at the expense of their privacy? Share your thoughts with us below.