Credit: Pixabay/CC0 Public Domain

Ireland's data protection agency is investigating Instagram following concerns over how the image-sharing social platform handles children's personal data, a spokesman said Monday.

The Data Protection Commission (DPC) has begun two probes into how the US firm—owned by Facebook—manages the personal data of under 18s.

The first will "establish whether Facebook has a legal basis for the ongoing processing of children's personal data and if it employs adequate protections," a DPC statement said.

The second will test the "appropriateness" of Instagram profile and account settings for children, and examine the firm's "responsibility to protect the data protection rights of children as vulnerable persons".

The twin inquiries were sparked by complaints that "identified potential concerns... which require further examination," the DPC said.

Both investigations are being conducted under the General Data Protection Regulation (GDPR)—the EU charter of data rights which came into effect in May 2018.

It gives data regulators the power to impose stiff fines of up to 20 million euros ($23.4 million) or four percent of the violating firm's global revenue—whichever figure is higher.

Because Facebook maintains its European headquarters in Dublin it falls to Ireland's DPC to enforce GDPR and regulate the social media titan but its findings are coordinated with other data authorities in the EU.

A Facebook spokesperson said Instagram was "in close contact with the IDPC and we're cooperating with their inquiries".

The spokesperson added the firm had made several updates to business accounts since 2019, allowing people to opt out of including their contact information entirely.

"We've always been clear that when people choose to set up a business account on Instagram, the contact information they shared would be publicly displayed.

"Thats very different to exposing people's information."