Facebook has definitely become the face of the online privacy debates in the past few years. The biggest issue for the company came about with Cambridge Analytica, a company that accessed the Facebook API and gathered and stored information on users who had used the company's apps. Essentially, this was done by promoting the "which character from *random 90s show* are you" type "games" which ask for permission to access certain profile data. From there, the company stored that information and used it for advertising purposes. While this is a massive breach of both user privacy and Facebook data policies, Facebook didn't act on knowledge of the behavior until it became public. Cambridge Analytica is far from the only data breach at Facebook, however.
Now, Facebook-owned Instagram is beginning to see similar issues with companies accessing the brand's API, as well as scraping data from the app and website. Hyp3r, which markets itself as "the award winning location-based marketing platform" was banned from Instagram this week for violating Instagram's data collection and storage policies. In particular, the company scraped data from profiles and posts to identify user locations, which fed its marketing platform. Hyp3r CEO Carlos Garcia told Business Insider,
Hyp3r is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online.
The problem with that argument is that, even though data is being made publicly viewable, does not mean that the data is legally permitted to be scraped or stored by third-parties. Instagram does not generally allow any external storage of user data, no matter how it is obtained. According to an Instagram spokesperson,
Hyp3r's actions were not sanctioned and violate our policies. As a result, we've removed them from our platform. We've also made a product change that should help prevent other companies from scraping public location pages in this way.
The change mentioned is small but significant. Hyp3r had gotten a lot of their data from Instagram's Locations page, which shows photos from public user profiles that are tagged to a location. Previously, this page was available to everyone, but now it will require a user to be logged into their Instagram account to access the data. This should allow the company to monitor who is pulling large amounts of location data and take action.