Instagram to let users download everything they have ever shared

• Facebook, Instagram delete dozens of Russia-linked accounts
• New Zealand Caught Up in Facebook Data Breach Scandal

While its parent company, Facebook, had announced a suite of GDPR controls, which Mark Zuckerberg emphasised during his  this week, Instagram had been quiet on the issue.

GDPR (General Data Protection Regulation) brings with it a number of rights for individuals, including to demand deletion of data, to opt out of future data collection, and to view the personal data a company possesses and to download it in a format that can be moved over to competitors.

These were the requirements Instagram would fulfil shortly, the company . “We are building a new data portability tool,” a spokesperson said. “You’ll soon be able to download a copy of what you’ve shared on Instagram, including your photos, videos and messages.”

It is unclear whether Instagram will include information about a user’s advertising profiling. Photograph: Kirill Kudryavtsev/Getty Images

The tool will be helpful for users who want to extract what they have uploaded to Instagram. Treasured photos and videos can sometimes get lost in their original form, but currently there are few ways to easily access the high-resolution originals if they have been posted on the social network.

It is unclear whether the company will also include details of a user’s advertising profiling in its data download. The wealth of information included in Facebook’s equivalent service shocked some users, who were unhappy to discover that the company  of their text and phone conversations.

GDPR comes into effect on 25 May, which means the coming month will probably include a flurry of announcements similar to Instagram’s. Many large tech companies, including Google, have yet to confirm whether they are altering their products to comply with the regulation.

A number of data breaches may also be made public next month as companies race to beat the GDPR deadline. When the regulation comes into effect, the maximum penalty for a breach multiplies vastly from £600,000 to €20m (£17m), or 4% of global turnover.

According to EUObserver, the European commission intends to police that deadline according to the date of disclosure, not the date of the underlying breach. This means any company that has been withholding knowledge of a successful hack will need to disclose that fact sooner rather than later, or risk a hefty penalty.