As data protection and privacy becomes a big issue around the world, social networking companies like Instagram need to appropriately take care of the information its user’s share. One of the provisions of the UK’s upcoming Data Protection Bill would require companies to allow its users to easily move their data from one service to another.
To that end, Facebook-owned Instagram just confirmed to TechCrunch that it is building a new data portability tool so users can download a copy of everything they’ve put on the platform , including photos, videos and messages , similar to how Facebook’s download your information tool works.
The tool could help Instagram users monitor how much of their data is on the platform. It will also help Facebook, which owns Instagram, comply with the forthcoming European data privacy rule, General Data Protection Regulation (GDPR), which will require all data to be portable. The rule will also require companies to delete data upon user request. Facebook CEO Mark Zuckerberg confirmed in testimony today to the House Energy and Commerce Committee in Congress that the company would comply with GDPR in Europe and in the US.
The General Data Protection Regulation is a rule passed by the European Union in 2016, setting new rules for how companies manage and share personal data. In theory, the GDPR only applies to EU citizens’ data, but the global nature of the internet means that nearly every online service is affected, and the regulation has already resulted in significant changes for US users as companies scramble to adapt.
Much of the GDPR builds on rules set by earlier EU privacy measures like the Privacy Shield and Data Protection Directive, but it expands on those measures in two crucial ways. First, the GDPR sets a higher bar for obtaining personal data than we’ve ever seen on the internet before. By default, any time a company collects personal data on an EU citizen, it will need explicit and informed consent from that person. Users also need a way to revoke that consent, and they can request all the data a company has from them as a way to verify that consent. It’s a lot stronger than existing requirements, and it explicitly extends to companies based outside the EU. For an industry that’s used to collecting and sharing data with little to no restriction that means rewriting the rules of how ads are targeted online.
Second, the GDPR’s penalties are severe enough to get the entire industry’s attention. Maximum fines per violation are set at 4 percent of a company’s global turnover (or $20 million, whichever is larger). That’s a lot more than the fines allowed by the Data Protection Directive, and it signals how serious the EU is taking data privacy. Facebook CEO Mark Zuckerberg confirmed in testimony to the House Energy and Commerce Committee in Congress that the company would comply with GDPR in Europe and in the US, where it’s not yet required which led to Investor group asking him to resign.
In the wake of the Cambridge Analytica revelations, Charles Porch, Instagram’s global head of creative programs, the entire company, employees were “horrified at the idea that someone would misuse data.” he also added that “We are building a new data portability tool. You’ll soon be able to download a copy of what you’ve shared on Instagram, including your photos, videos and messages.”