Is Instagram GDPR Compliant?

Image of Iron Brands

Veröffentlicht am 14. Juli 2025 von Iron Brands

Dieser Inhalt ist noch nicht ins Deutsche übersetzt. Unten finden Sie die englische Version.

TL;DR

Partially, Instagram, owned by Meta, has taken steps to align with GDPR—including offering data subject rights tools, adopting Standard Contractual Clauses (SCCs), and implementing stronger privacy defaults for minors.

  1. Instagram’s GDPR Compliance Framework
    1. 1. Data Transfers & Legal Basis
    2. 2. Data Subject Rights
    3. 3. Children’s Privacy & Enforcement Action
    4. 4. Remedial Measures Taken
    5. 5. Transparency and Privacy Settings
    6. 6. Subprocessor and Compliance Oversight
  2. Who Should Care?
  3. Notable Resources
  4. General Caveat
  5. Final Thoughts
Logo of MichelinMichelin chose Simple AnalyticsJoin them

Instagram’s GDPR Compliance Framework

1. Data Transfers & Legal Basis

Instagram uses the EU Standard Contractual Clauses (SCCs) for international data transfers, particularly between the EU and the United States. Meta also updated its privacy policies and user controls in line with GDPR requirements.

2. Data Subject Rights

Users can access, download, and delete their data through Instagram’s privacy dashboard. These tools are designed to meet GDPR requirements for access, portability, and erasure.

3. Children’s Privacy & Enforcement Action

In 2022, Instagram was fined €405 million by Ireland's Data Protection Commission (DPC) for exposing minors' contact information (emails and phone numbers) when they set up business accounts. The DPC ruled this violated GDPR’s principles of data minimization, transparency, and privacy by design.

4. Remedial Measures Taken

Following the ruling:

  • Instagram now sets under-18 accounts to private by default.
  • Business account contact details for minors are no longer public.
  • The company carried out Data Protection Impact Assessments (DPIAs) for features involving minors.
  • Additional transparency updates were made to privacy settings.

5. Transparency and Privacy Settings

Instagram offers account-level controls such as private profiles, ad preferences, and data-sharing opt-outs. However, critics have noted that these settings are not always user-friendly or comprehensive for informed consent.

6. Subprocessor and Compliance Oversight

Instagram, through Meta, maintains transparency about third-party processors and complies with GDPR’s requirements on subcontractors and breach notifications.

Who Should Care?

  • Parents and minors: Important to monitor privacy settings, especially when using features like business accounts or direct messaging.
  • Businesses using Instagram: Must ensure GDPR-compliant marketing practices and appropriate cookie and tracking consent.
  • Privacy teams and DPOs: Should review Meta’s DPA terms, ensure lawful bases for processing, and audit any integration points with Instagram.

Notable Resources

  1. Instagram fined €405M for violating children’s privacy under GDPR – Politico (https://www.politico.eu/article/instagram-fined-e405m-for-violating-kids-privacy/)
  2. Meta’s Data Privacy Hub (https://privacycenter.instagram.com/policies)
  3. Meta’s DPA and SCCs (under Business Tools (https://www.facebook.com/legal/terms/dataprocessing)

General Caveat

This overview is based on publicly available information and is not legal advice. While Instagram has improved its privacy practices post-enforcement, GDPR compliance depends on continuous efforts in policy, technical safeguards, and user transparency. Always consult legal counsel before processing personal data at scale.

Final Thoughts

Instagram has taken clear steps to comply with GDPR, especially in response to regulatory pressure. Tools for data access and privacy controls are available, and SCCs support international transfers. However, the large fine and enforcement history underline the need for continuous scrutiny, especially around minors and data transparency.

GA4 ist komplex. Probieren Sie Simple Analytics

GA4 ist wie im Cockpit eines Flugzeugs zu sitzen ohne Pilotenlizenz

Jetzt kostenlos starten