Security News > 2020 > August > Instagram Retained Deleted User Data Despite GDPR Rules
"Instagram didn't delete my data even when I deleted them from my end," Pokharel told TechCrunch.
The flaw was in a feature that Instagram launched in 2018 in response to the European General Data Privacy Regulation, which requires any companies operating in Europe to notify the authorities within 72 hours of confirming a data breach or face stiff financial penalties.
The GDPR, which went into effect on May 25, 2018, also has a data portability component requiring companies to give people access to their data.
The flaw is not the first time Instagram has been found saving people's data even after they thought they deleted it, however.
Facebook has come under heavy fire for its privacy practices and even received a $5 billion fine from the Federal Trade Commission for disseminating user data without their knowledge in the now-infamous Cambridge Analytica incident.
News URL
https://threatpost.com/instagram-retained-deleted-user-data-despite-gdpr-rules/158366/