Instagram Unauthorized Camera Access

Instagram Sued For Privacy Violations Over Unauthorized Camera Access

On Thursday in the Northern District of California, Brittany Conditi filed a class-action complaint against Instagram and its parent company Facebook for invasion of privacy alleging that Instagram accessed users’ smartphone cameras when not using features that would require camera access, despite the defendants’ representations to the contrary.

According to the complaint, Instagram “has access to a user’s smartphone camera for the limited purpose of allowing users to directly take a photograph or video and then post that content to its platform.” Furthermore, Instagram “claims to only access users’ smartphone cameras with user permission, such as when a user is interacting with the Instagram application’s…camera feature.” According to the complaint, Instagram stated it does not access a user’s camera when the camera feature is not in use. However, the plaintiff proffered that Instagram “does more than it claims.”

Specifically, the plaintiff averred that “Instagram is constantly accessing users’ smartphone camera feature while the app is open and monitors users without permission, i.e., when users are not interacting with Instagram’s camera feature.” Conditi argued that Instagram has broken its promise with users, as it has no reason to access users’ cameras when they are not using the camera feature.

The plaintiff claimed that Instagram is “able to monitor users’ most intimate moments, including those in the privacy of their own homes, in addition to collecting valuable insight and market research on its users.” The plaintiff further alleged that Instagram does this in order “to collect lucrative and valuable data on its users that it would not otherwise have access to,” purportedly so the company could increase its advertising revenue through improved user targeting. For instance, the complaint says Instagram is “able to see in-real time how users respond to advertisements on Instagram, providing extremely valuable information to its advertisers.” This conduct allegedly came to light when Apple updated its operating system, available to the public on July 9, “which provides notice to consumers when third parties are accessing their camera and microphone or collecting their data.” The plaintiff asserted that this conduct violated her and the putative class’s privacy rights.

Additionally, the plaintiff asserted that Instagram does not obtain consent to access users’ smartphones when they are not using the camera feature and it does not disclose in its data policy that it accesses user’s camera while users are not using the Instagram camera feature or obtain consent to perform said conduct. Moreover, according to the complaint, Instagram “has no legitimate purpose for accessing users’ smartphone cameras while they are not using Instagram’s services.” Instead, Instagram purportedly claimed that this was a “mistake” caused by “a bug in iOS 14 Beta that indicates that some people are using the camera when they aren’t.” However, Apple has not stated that it was a bug, according to the complaint. The plaintiff also pointed to Facebook and Instagram’s history of privacy violations.

Conditi claimed that she uses Instagram on a regular basis, including while she is in her bedroom. She alleged that Instagram surreptitiously accessed her camera and monitored her outside of the scope that she agreed to. The class includes: “(a)ll Instagram users whose smartphone cameras were accessed by Instagram without their consent from 2010 through the present.”

Instagram is accused of violating the California Consumer Privacy Act, which requires a business collecting consumer’s personal information to disclose at or before collection regarding the categories of personal information that will be collected and the purpose for said collection. They must also provide additional disclosures in order to collect more information for other purposes. The plaintiff claimed that Instagram users have a reasonable expectation of privacy as provided in the California Constitution.

Read more: Law Street

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data