DPC Probes Instagram's Handling of Children's Data; TCF Not GDPR Compliant, Says DPA

In today’s ExchangeWire news digest: Ireland’s DPC launches an investigation into Instagram over how it treats the data of its underage users; Belgium’s DPA reports that IAB Europe’s transparency framework does not meet GDPR requirements; and 5G is expected to generate over $350m in revenue by 2025.


Instagram faces DPC investigation over handling of children’s data


Instagram is facing an investigation from Ireland’s Data Protection Commissioner (DPC) over its handling of the personal data of its underage users. The probe follows reports that the Facebook-owned photo-sharing site failed to safeguard the personal information of children who use the platform, with allegations that it enabled the phone numbers and email addresses of these users to be made public.

The DPC, which has operated as the leading EU regulator under GDPR since the legislation was introduced in 2018, will examine whether Facebook has any legal basis for gathering the personal data of users under the age of 18, and whether it has sufficient age-restrictions and protective measures for children on sister-platform Instagram. Concurrently, the regulator has also launched an inquiry into whether Instagram’s account settings comply with GDPR, and is examining Facebook’s current practices surrounding the safeguarding of children’s data.

The investigation derives from a complaint made by US-based data scientist David Stier. Based on an analysis of nearly 200,000 Instagram profiles from across the globe, Stier estimated that the option to switch their personal account to a business account, which requires the owner’s phone number and email address to be publicly displayed, was made easily available to at least 60 million underage users. This information was also included in HTML source code of web pages accessed when using the platform via desktop, making it available for “scraping” by bad actors. Facebook has since removed contact information from Instagram pages’ source codes.

Facebook maintains that the publication of personal details on Instagram business accounts is “very different to exposing people’s information”. However, the company has said that it is working with the DPC.


TCF fails to meet data protection regulation, says EU


The European Union’s data supervisor has stated that IAB Europe’s Transparency Consent Framework (TCF) is not up to par with the bloc’s data protection standards. The Belgian DPA came to this conclusion after investigating a number of complaints against the use of personal data within real-time bidding (RTB), which critics argue is diametrically at odds with EU privacy regulation.

The DPA reported that the TCF falls short of GDPR principles of transparency, fairness, and accountability, and asserts that it does not meet the legal requirements for processing data. The regulator also found that the framework allows for the processing of “special category” personal data, such as details regarding users’ health and political affiliation, yet does not impose sufficient rules for how this information should be processed.

First introduced in April 2018, the TCF was designed to help ad tech companies to adjust to the drastic changes to the industry’s privacy and data standards triggered by the EU’s implementation of GDPR and the ePrivacy network. A new iteration of the TCF was introduced last year, with most partners successfully switching to the new network in August.

IAB Europe have responded to the DPA’s findings, stating that it “respectfully disagree[s]” with the report, and asserts that the TCF consists of “a minimal set of best practices” for industry players. The body further warned that the DPA’s conclusions about the framework “would have a chilling effect on the development of open-source compliance standards that serve to support industry players and protect customers.”


5G operator-billed revenue to balloon to over $350bn by 2025


A projection published by Juniper Research forecasts that operator-billed revenues derived from 5G connections will soar to USD $357bn (£275.4bn) in the next 5 years. This rapid growth, spurred by an increasing consumer shift from 4G to higher-calibre networks, will boost 5G’s market share up 44% by 2025, according to Juniper’s report.

The firm asserts that operators have successfully managed to adapt their strategies for building the physical infrastructure required for 5G amidst the ongoing COVID crisis. This, coupled with a greater than anticipated adoption of 5G networks by mobile users, will see more than 1.5 billion 5G connections by 2025, which Juniper asserts will result in revenues that are 250% higher than average mobile connections.

Despite the optimistic predictions, analysts assert that individual operators will need to continue to make significant investments in 5G network infrastructures if they want to reap such benefits. The experts also warn that taking a laissez-faire approach could see firms suffer demand-generated functionality loss and even lose business to their competitors.