Brussels: Instagram is being investigated by Ireland's Data Protection Commissioner (DPC) over its handling of children's personal data on the platform.
The social media app's owner Facebook could face a large fine if Instagram is found to have broken privacy laws.
It comes amid reports Instagram failed to protect data, including allowing email addresses and phone numbers of those under 18 to be made public.
Facebook said it rejected the claims but was cooperating with the DPC.
A number of US tech giants have their European headquarters in Ireland, and the DPC is the lead European Union regulator under the EU General Data Protection Regulation (GDPR), which came into force in 2018.
The DPC is responsible for protecting individuals' right to online privacy, and has the power to issue large fines.
The Irish regulator is investigating whether Facebook has a legal basis for processing children's personal data and if it employs adequate protections and restrictions on Instagram for children.
Separately, it is also looking at whether Facebook has adhered with GDPR requirements in relation to Instagram's profile and account settings. It is inquiring into whether Facebook is adequately protecting the data protection rights of children as vulnerable people.
The minimum age for having an Instagram account is 13.
"Instagram is a social media platform which is used widely by children in Ireland and across Europe," said Graham Doyle, a deputy commissioner with DPC.
The DPC has been actively monitoring complaints received from individuals in this area and has identified potential concerns in relation to the processing of children's personal data on Instagram which require further examination.