Instagram Configuration
How to embed Instagram on your website and properly map these configurations within the customer panel to ensure users are clearly informed about the use of this Third Party Provider (TPP). The tables below outline how embedding Instagram on your website affects the privacy risks for users.
When embedding Instagram onto your website, Meta offers very limited configuration options.
High Privacy Risk: Instagram embeds create direct connections to Meta servers, enabling comprehensive tracking across Meta's ecosystem (Facebook, Instagram, WhatsApp).
Consent Requirement: Always obtain explicit opt-in consent before loading Instagram content.
Joint Controller Considerations: Depending on implementation, you may have joint controller responsibilities with Meta.
Privacy relevant configurations (Parameters)
This table shows features which are enabled or disabled within Instagram. Use this overview to ensure your Instagram setup and Consenter Manager settings stay consistent.
Each row represents a feature that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the feature, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Parameters | ➡️ Instagram Config High risk (Consent) | ➡️ Consenter Manager Config What to indicate in Consenter Manager when embedding Instagram on your website |
|---|---|---|
| Consent | Yes (Opt-In) - Required before loading Instagram embed, ideally through contextual consent in iframe | Select Instagram as data recipient. |
| Data processing agreement | No (Controllership) - Meta acts as independent controller | Select: Independent Controller as legal role of data recipient |
| Tracking method | Cross session, cross domain, cross device (Meta Pixel & Instagram integration) | Select: Cross-session, cross-domain, cross-device tracking |
| Identifier | Meta/Facebook account data, Instagram cookies, device fingerprinting, device identifiers | Select respective data categories: - Direct identifiers (if logged into Meta) - Device identifiers - Probabilistic identifiers |
| Retention Period | 24+ months (Meta's standard retention) | Indicate maximum storage duration: 24+ months |
| Processing location | US/Global (Meta servers worldwide) | ❗Attention: Always indicate USA as primary data processing location. Meta is a US-based company subject to US legislation including CLOUD Act and FISA. |
| Advertising Features | Enabled - Data used for Meta advertising network | Select additional marketing purposes: - Personalized advertising |
Data categories
This table details the categories of data collected by Instagram. Use this overview to ensure your Instagram setup and Consenter Manager settings stay consistent.
Each row represents a data category that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the data category, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Collected Data Categories | ➡️ Instagram Config High risk (Consent) | ➡️ Consenter Manager Config What to indicate in Consenter Manager when embedding Instagram on your website |
|---|---|---|
| IP Address | IP address (plain) | Select respective data category. |
| Technical data - Device characteristics - Browser/OS data | Yes | Select data category: Device characteristics |
| Social media interaction data | Yes - Likes, follows, shares, comments, viewing behavior | Select data category: - Browsing and interaction data - Social media interaction data |
| Geo-location info | Precise location (if device permissions granted and posted by the user) | Select data category: - Precise location data - Non-precise location data |
| User Authentication Data | Yes - Meta/Instagram account information if logged in | Select data category: - Authentication-derived identifiers - Users' profiles - User provided data |
| Device identifiers | Yes - Multiple identifiers (cookies, device IDs, fingerprints) | Select data category: Device identifiers |
| Probabilistic identifiers | Yes - Device fingerprinting, browser fingerprints | Select data category: Probabilistic identifiers |
| Special categories of personal data | Potentially - Depending on Instagram content shown (e.g., health, religion visible in posts) | Assess content risk and select if applicable |
| Privacy choices | Yes - Meta privacy settings, ad preferences | Select data category: Privacy choices |
Last updated on