On the first day of enforcing Europe’s massive data protection law, both Google and Facebook have been accused of failing to comply with the General Data Protection Regulation (GDPR).
As soon as the GDPR law went into effect at midnight on Friday, lawsuits were filed by pro-privacy advocate and Austrian lawyer, Max Schrems, against Google with regulators in France, Facebook with Austrian regulators, WhatsApp (owned by Facebook) with regulators in Germany, and Instagram (also owned by Facebook) with Belgian regulators. The lawsuits were filed on behalf of individual users who did not wish to be named.
Schrems argues that Google and Facebook are violating the new data regulation law by forcing users to consent to share their personal data. He also suggests that the companies have blocked some users’ accounts because they did not give consent. In fact, the law requires users be given a full and free choice unless consent is absolutely necessary for providing the service the user requests.
In a published statement on TechCrunch, Schrems who is head of NOYB (None of Your Business), said, “In the end users only had the choice to delete the account or hit the ‘agree’ button — that’s not a free choice, it more reminds of a North Korean election process.”
The full complaint which is posted on noyb.eu states in part:
The new General Data Protection Regulation (GDPR), which came into force today at midnight, is supposed to give users a free choice, whether they agree to data usage or not. The opposite feeling spread on the screens of many users: tons of “consent boxes” popped up online or in applications, often combined with a threat, that the service cannot longer be used if user do[es] not consent. One the first day of GDPR noyb.eu has therefor[e] file[ed] four complaints against Google (Android), Facebook, WhatsApp, and Instagram over “forced consent.”
Going forward from Friday, May 25, 2018, data regulators throughout Europe have the right to impose fines of up to 4% of the global annual sales of any company that is found to be in violation of the new law.
On Tuesday while testifying before Parliament leaders in Europe, Facebook CEO Mark Zuckerberg stood resolute in stating that his company would follow all aspects of the new regulation.
A statement released from Facebook’s Chief Privacy Officer Erin Egan today states:
“We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people’s privacy doesn’t stop on May 25th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us information when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward.”
Google has also suggested that it is complying with the new law. In a statement to The Verge, the company said in part: “We build privacy and security into our products from the very earliest stages.”
If the European Union regulators agree with Schrems, both Google and Facebook would be forced to pay those hefty fines which are well over $9 billion combined.