You are a staff member at a prominent European advocacy organization concerned with data protection-related issues. Your supervisor is worried that Instagram’s privacy practices are problematic. She asks that you take a close look at its privacy policy and identify any concerns you find. Based on your analysis, write a 4-5 page letter to Instagram (which is owned by Facebook) outlining your concerns.

Analyzing Privacy Policies in View of EU Data Protection Law

Paper details:

You are a staff member at a prominent European advocacy organization concerned with data protection-related issues. Your supervisor is worried that Instagram’s privacy practices are problematic. She asks that you take a close look at its privacy policy and identify any concerns you find. Based on your analysis, write a 4-5 page letter to Instagram (which is owned by Facebook) outlining your concerns.

Your letter should also include questions to Instagram requesting additional information you need to complete your inquiry, including specific questions on elements of the policy you consider problematic or questionable. Your letter should reference specific provisions of the GDPR.

Reading on Purpose Limitation:
1. Bygrave, pp. 153-157
2. Charter of Fundamental Rights of the EU, 2000/C 364/01, Article 8
3. GDPR, Recital 50; Article 5(1)(b)
4. Article 29 Working Group, Opinion 03/2013 on Purpose Limitation (WP 203), pp.9-27, 36-38, 51-55.

Reading on Anonymization and Pseudonymization:
1. GDPR, Recital 26; Articles 4(1), 4(5), 5(1)(e)
2. Voigt and Von dem Bussche, pp. 13-16.
3. EU Article 29 Working Party, Opinion 05/2014 on Anonymisation Techniques

Reading on Data Access Right and Automated Individual Decision-Making:
1. GDPR, Recitals 63, 71, 78; Articles 4(4), 12-15, 22-23, 35
2. Voigt and Von dem Bussche, pp. 150-153; 180-184.
3. Council of Europe, Committee of Ministers (2010), Recommendation CM/Rec(2010)13 and explanatory memorandum on the protection of individuals with regard to automatic processing of personal data in the context of profiling, 23 November 2010, Art. 3.4 (b) (Profiling Recommendation).
4. Article 29 Data Protection Working Party, Guidelines on Automated individual decision-making and Profilicgong for the purposes of Regulation 2016/679