The Irish Data Protection Commission, one of the european union’s leading protection law regulators, is investigating how instagram users’ personal data was collected by a San Francisco initiative. Among the data collected by users is Stories that must be lost within 24 hours.
The Commission said it would check whether citizens of the European Union were affected by this data collection incident.
The marketing firm Hyp3r tracked people’s locations, recorded posts in Story format, and collected other information about users by scraping public data from millions of users on Instagram.
When members of the press wanted to get feedback from Instagram, the app issued hyp3r a warning and threw the company off its platform. Hyp3r, which has been taking advantage of Instagram’s vulnerability in its security area for nearly a year, has so far not been noticed by the company. Instagram even listed Hyp3r as its official Marketing Partner. This shows us that many companies can take advantage of Instagram’s security weakness.
Hyp3r claims something illegal. The company’s CEO Carlos Garcia said in a statement:
The Irish Data Protection Commission said they were investigating whether EU citizens were affected before taking any steps.
On the other hand, looking at the data collected by Hyp3r, it is possible to say that the citizens of the European Union are active. Hyp3r is said to be collecting data from “geographic allots” around the world. Moreover, according to a marketing material published by one of the company’s customers, hotel chain Marriott, all social sharing posts shared by guests staying in hotels owned by the hotel chain worldwide have been collected. Considering that Marriott owns a large number of hotels in the European Union, we can say that EU citizens have already suffered from this breach of confidentiality.
Despite these developments, Hyp3r insists that it complies with GDPR and the EU’s privacy regulations. For now, none of the Irish Data Protection Commission has contacted them, the company’s snob, the company’s statement said, adding that all personally identifiable data has been encrypted.