Next to social media giants Facebook and TikTok, Instagram has no need to hide: Photos, videos, stories as well as hashtags as far as the eye can see – but where’s the data protection?
Influencer? Health!
With over a billion monthly users, Instagram is one of the most popular social media apps. The platform, bought by Facebook in 2012, offers (almost) everything: photos, videos, photo diary-like stories in the form of Stories, as well as followers.
The prospect of lucrative advertising contracts and the desire for attention motivates many people to take up an Instagram profession, called influencer. In doing so, they not only disclose their own data, but they also help collect the data of their followers.
You don’t win hearts with privacy
In Instagram you do not like – here you heart by double-click. Tens of thousands of influencers battle daily for the affection of their followers. If you want to get a piece of all that fame, you present yourself and your private life to the public. Selfie addicts, fitness, food and bookstagrammers know: Data protection doesn’t win hearts.
Privacy policy of horror
Instagram’s business model is based on data collection – this can be clearly read from the truly creepy privacy policy. The app is free, but every user pays the service back double and triple with their sometimes very sensitive data.
As much as Instagram can stress:
"We do not sell any of your information to anyone and never will in the future."
Honestly? I can fool myself. In the privacy policy it is written in black and white what Instagram does with the data – they don’t do that out of pure goodness of heart, but for profit purposes. It may be that Instagram does not sell the data in the actual sense, but the data is still passed on as part of advertising contracts.
All kinds of data
What data does Instagram collect anyway? According to the privacy policy, this includes:
- User data, such as username, email address, but also – if one provides them – phone number and real name,
- Data accrued during Instagram usage, i.e. one’s own photos, videos, Stories, as well as information about what content of others one views, the time, frequency and duration of activities, the comments, likes and content of Direct Messages,
- the location where a photo was taken,
- all the information that one provides in the profile or that results from the posts, z.B. political views, religion or sexuality,
- Information about the people, pages, accounts as well as hashtags you connect with and how you interact with them,
- Contact information from the address book, call log, or SMS log history when uploaded, synced, or imported from the particular device used,
- Photos and videos uploaded by other users that feature you, as well as their comments under your photo,
- Information about social plugins, APIs, SDKs and Facebook Pixel, so z.B. on the device, websites visited, purchases made, ads seen, and service usage – regardless of whether one has an Instagram account or is logged in,
- Information about the device used, i.e. z.B. the operating system, signal strength, available memory, browser type, app and file names, as well as mouse movements, device ID, WLAN access points and wireless cell towers in the vicinity,
- If access has been granted, the GPS location
- and cell phone number, and IP address.
Like vultures to a buffet…
ransfers to the following recipients of the data collected by Instagram:
- other Instagram users,
- Advertising partner,
- In the case of public information, anyone who, e.g.B. search for it with search engines,
- third-party service providers,
- Business partners,
- other service providers,
- Researchers and scholars to explore the social common good, technological advancement, public interest, health and well-being,
- as well as law enforcement agencies.
The latter point in particular is currently the subject of heated debate – in the fight against "hate crime", social media are to be obliged to report suspicious posts directly to the Federal Criminal Police Office, and passwords are also to be handed over with the approval of judges. A necessary step in creating law and order in the digital world? Or a dedicated line to restrict fundamental rights? Everyone has to decide for themselves, but it still doesn’t hurt to be skeptical.
Long live child privacy
You can write your fingers to the bone as much as you want: The bulk of Instagram users will not be deterred from feeding the hungry data maw. The reach, the favor of the masses, beckons too seductively. We live in assertive times – either you have something to say, to present or you are out of the window. Young people in particular are under a lot of pressure. 71 percent of all Instagram users are under 35 (Facebook: 45 percent) – and growing every day.
Many Instagrammers are underage, that’s a fact. Although Instagram generally only allows the use of the service from the age of 13, countless children who have not yet reached this age limit cavort in the app. Control? Hardly possible. For profiles of children under 13, it must be stated in the profile that a parent or manager manages the account. However, this will rarely be the case – after all, it is much easier to simply enter the wrong age. On social media platforms like Instagram, TikTok and Houseparty, naivety meets greed for money. A bad combo.
Bullies and criminals have an easy game: Where else can you get (children’s) photos so easily?? Just one click, and contact is made with the next victim. Some parents are not even aware of what their children do all day long. Sharing is also a problem – with parents willingly posting photos and video footage of their offspring. They don’t think about the consequences.
Among sharks
To protect itself from voracious data sharks, Instagram offers a kind of privacy shark cage: the Instagram settings. Here, the flow of data can be restricted to a more tolerable level. Vividly described in the context of an official guide for parents. After that, it is possible to change the profile set to public by default to a private profile. In addition, it is possible to block both people and comments, as well as to specify from whom comments should (not) be allowed and on the basis of which terms comments should be filtered out.
The security of login data must also be taken into account: Two-factor authentication is recommended to prevent unauthorized access. Those who want to use the app should also give it as few permissions as possible, for example, forwarding contacts is not necessary. For the rest, common sense applies: what do I reveal about myself? Do I want everyone to know about it? Could I be embarrassed at some point? Maybe.
Instagram, the data maw
When billions of data are processed, it is hardly surprising that one or the other data record is lost – in case of doubt, the next data scandal is already lurking around the next corner. A few highlights of the past years?
Even before the DSGVO, Instagram was warned in the fall of 2017 by the German Federation of Consumer Organizations because users’ rights had been disregarded. Among other things, Instagram’s rule to refer disputes to U.S. arbitration courts was criticized, but also a too far-reaching granting of rights to use the content of Instagrammers met with rejection. The Federal Association also criticized the lack of sufficient information for users about the transfer of data to advertisers, which would have been necessary for informed and voluntary consent.
In the spring of 2019, a security vulnerability became known: Passwords of millions of Instagram users had been stored unencrypted on internal servers – but these had not been visible to outsiders. In addition, there would be no evidence of abuse by employees. This is not an isolated case, because already half a year ago there was a similar data breach.
In the summer of 2019, the following case caused a stir: The marketing startup Hyp3r collected Instagram location data and evaluated actually only 24-hour visible Stories, which it stored permanently, with image analysis software. Business as usual, you might think. Wrong thinking: Hyp3r enriched itself on the data by overcoming an Instagram loophole. The Facebook group intervened, but had been busy earning until this point.
At least the merging of data that Facebook gains as part of its services (Facebook, Instagram, WhatsApp, websites with Like button) could soon come to an end: Since Facebook lost in summary proceedings before the Federal Court of Justice, the American corporation must stop this type of data use – for now. Remains to be seen if Facebook does not find a loophole after all.
Instagram against #corona?
If you still think that all this is not so bad and that you have nothing to hide, you should know that Instagram posts can reveal whether you adhere to Corona-related curfews or not by means of image recognition. Corresponding evaluations were offered to the Italian government. It’s only a matter of time before people in this country also resort to such questionable methods – for whatever purpose.