164 Instagram users report losing over £350,000 to investment scams
Money flipping warning from Action Fraud.
Instagram is being investigated by Ireland's Data Protection Commissioner (DPC) over its handling of children's personal data on the platform.
The social media app's owner Facebook could face a large fine if Instagram is found to have broken privacy laws.
It comes amid reports Instagram failed to protect data, including allowing email addresses and phone numbers of those under 18 to be made public.
Facebook said it rejected the claims but was cooperating with the DPC.
A number of US tech giants have their European headquarters in Ireland, and the DPC is the lead European Union regulator under the EU General Data Protection Regulation (GDPR), which came into force in 2018.
The DPC is responsible for protecting individuals' right to online privacy, and has the power to issue large fines.
The Irish regulator is investigating whether Facebook has a legal basis for processing children's personal data and if it employs adequate protections and restrictions on Instagram for children.
Separately, it is also looking at whether Facebook has adhered with GDPR requirements in relation to Instagram's profile and account settings. It is inquiring into whether Facebook is adequately protecting the data protection rights of children as vulnerable people.
The minimum age for having an Instagram account is 13.
A parent's worries
According to reports, the investigation stems from a complaint from David Stier, a US-based data scientist who last year analysed profiles of almost 200,000 Instagram users across the world.
He estimated that for over a year, at least 60 million users under the age of 18 were given the option to easily change their profiles into business accounts.
Instagram business accounts require users to display their phone numbers and email addresses publicly, meaning that personal data belonging to many users is visible to other Instagram users.
The same personal information was also contained in the HTML source code of web pages accessed when using Instagram on a computer, meaning that it could be "scraped" by hackers.
Mr Stier reported his findings to Facebook, but he wrote in a Medium blog that Instagram had refused to mask the email addresses and phone numbers for business accounts.
However, Facebook did decide to remove the contact information from the source code of Instagram pages.
Mr Stier has also alleged that hackers might have succeeded in stealing personal information from Instagram's website, after it was revealed in May 2019 that contact details relating to 49 million users were stored online in an unguarded database owned by a firm in India.