With European Union’s General Data Protection Regulation (GDPR) coming into effect from May 25, popular apps and social media companies are busy upgrading their data policy and terms of service. Facebook-owned WhatsApp and Instagram have announced changes to their privacy and data policy. WhatsApp, which is the world’s most popular messaging app, has already announced that it will let users download all the data they have given to the app.
Instagram, the popular photo-sharing network owned by Facebook, has also revised its terms and data policy usage. So what does it mean for the Instagram user and what has changed from the terms of service back from 2013? Here’s a detailed look.
If you are an avid Instagram user, you must have already got a message from the company announcing an update to its terms and data policy. Users will have to accept the new terms in order to continue using Instagram. One thing to keep in mind is that users still own all the photos and and videos, they share on the network. However, going forward the apps terms will “reflect that Facebook Inc is responsible for Instagram.”
The app now has a new “Data Policy” which will explain how the data shared by the user is collected and used in Facebook Products. The policy also covers the newer features such as stories, direct messaging, activity status and the creative tools in the camera app. In the terms of service, Instagram now says that users need to “be at least 13 years old or the minimum legal age in your country to use Instagram.” Earlier the terms of service just said a user had to be 13 years old to use the service. The conditions also note, “You (user) must not be prohibited from receiving any aspect of our Service under applicable laws or engaging in payments related Services if you are on an applicable denied party listing.”
“We must not have previously disabled your account for violation of law or any of our policies,” add the new terms of service. Also Instagram will not let anyone who is a “convicted sex offender,” use the app anymore. These were not mentioned in the previous terms of service from 2013.
The new policy mentions the data sharing with Facebook in detail, which it adds will be used to personalise experience across products, including ads experiences. On advertisers, the policy says, “We provide ads without telling advertisers who you are. The policy has more information about what we do share with advertisers and partners. We never sell your data.” This too was not present in the previous terms of service.
What does Instagram’s new data policy say
Instagram says, “We use data from Instagram and other Facebook Company Products, as well as from third-party partners, to show you ads, offers, and other sponsored content that we believe will be meaningful to you. And we try to make that content as relevant as all your other experiences on Instagram.” The data collected by Instagram includes the content a user provides as well as metadata, such as the location of a photo or the date a file was created.
The new data policy from Instagram will include information about facial recognition, though the app is not using this technology yet. Instagram says, “If we introduce it, we’ll let you know and give you a choice.” Facebook is however, using such technology though users have the option of signing out of it from the social network. It adds, “the face-recognition templates we create may constitute data with special protections under the laws of your country.”
The data collected includes what a user sees when they use features like the camera, masks or filters, including the ones they prefer more. It goes on to add, “Our systems automatically process content and communications you and others provide to analyze context and what’s in them.”
Instagram also collects “information about the people, pages, accounts, hashtags and groups” a user is connected with, including those a user communicates with the most on the service. The app also collects time, frequency and duration of activities and how features like the camera are used. Purchases made via the app are also collected as part of the Instagram data policy, which will include payment information, such as credit or debit card number and other card information, etc.
So is Instagram collecting your Contacts?
Yes, but only if a user chooses to upload it to the service, according to the terms and services. The data policy notes, “We also collect contact information if you choose to upload, sync or import it from a device (such as an address book or call log or SMS log history), which we use for things like helping you and others find people you may know and for the other purposes listed below.”
What other data is Instagram collecting?
The photo-sharing app also collects information that others provide about you on the network, when they are using the product. This includes a comment on a photo of the user, messages, when contacts are synced, etc. Finally the app is collecting device information which includes the computer, phone, connected TV used when accessing Instagram and its products. Information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins are also collected, says the data policy.
The data from devices is listed below as mentioned in the data policy:
Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).
Identifiers: unique identifiers, device IDs, and other identifiers, such as from games, apps or accounts you use, and Family Device IDs (or other identifiers unique to Facebook Company Products associated with the same device or account).
Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location, camera or photos.
Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network, so we can do things like help you stream a video from your phone to your TV.
Cookie data: data from cookies stored on your device, including cookie IDs and settings.
However, there is some data that comes with special protections, which includes religious views, political views, who a user is interested in, the health of a user, racial or ethnic origin. The policy says such information “could be subject to special protections under the laws” of the relevant country. Instagram is also collecting data from non-Facebook users or those who are logged out. The policy notes that in this case advertisers, app developers, and publishers can send the company information through Facebook Business Tools, which includes the Facebook Login.
So how is Instagram using all of this information?
One is to help improve the company’s products and this includes the News Feed, Instagram Feed, Instagram Stories and ads. The company here is not just limited to Instagram, but includes the parent Facebook. Second, the information is used to make suggestions for the user, on who they might want to follow, groups to follow, etc. Also the information from Instagram is shared across Facebook products and devices.
The data policy notes, “We connect information about your activities on different Facebook Products and devices to provide a more tailored and consistent experience on all Facebook Products you use, wherever you use them. For example, we can suggest that you join a group on Facebook that includes people you follow on Instagram or communicate with using Messenger.” Of course this information is also used to create personalised ads.