It’s barely few hours that the new GDPR data protection law came into force and complaints have been filed against Google and Facebook.
Financial Times reports that four complaints have been filed by an activist that has previously won a privacy case against Facebook – one against Google’s Android, one against Facebook and one for each for its subsidiaries WhatsApp and Instagram. The companies were all accused of forcing users into agreeing to targeted advertising before they can use their services.
The complaints were filed by non-profit organization None Of Your Business (noyb.eu) led by activist Max Schrems who said that the companies didn’t offer their users a “free choice.”
If the complaints are upheld, the named companies would be forced to modify how they operate aside from paying heavy fines – up to 4% of global revenue. For instance, if this had happened last year, Google’s parent company, Alphabet would have been charged to pay $4.4 billion, while Facebook’s fine would be $1.6 billion.
The General Data Protection Regulation (GDPR) is a regulation under EU law which has changed how websites can use and collect personal data irrespective of their parent location. Provided their services extend to the EU, the rule stands.
The organization argues that the approach adopted by the named websites is a “take it or leave it” which does not comply with the GDPR. According to BBC, activist Max Schrems says users who do not agree having their data used for targeted advertising only have the option to delete their accounts and forego the service. Forcing people to accept sharing their information in exchange for using a service is not in compliance with the GDPR.
"The GDPR explicitly allows any data processing that is strictly necessary for the service - but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent," noyb.eu said in a statement.
GDPR made it very clear that whatever is necessary for an app is legal without consent, others should be optional. The privacy advocate also said that most of the website users are unaware that pushing them into agreement for a service is prohibited under GDPR.
Four EU citizens filed the complaints with local regulators in Belgium, Austria, Germany and France. However, how the new law should be interpreted has been argued by privacy advocates though regulators and analysts had expected complaints to be filed sequel to the introduction.
Twitter is among some of the companies that have introduced controls to opt out of targeted advertising. While others have preferred to temporarily block their services across EU to completely escape from fowling the new law, perhaps, pending when they are able to establish rule-abiding service model.
In extreme cases, companies that fail to meet the GDPR requirements could be fined as much as 4% of the annual revenue or up to $26 million.
FT reports that Facebook’s chief privacy officer, Erin Egan said the company had spent more than a year making its privacy policies clearer and have introduced tools for users to access, delete and download their data.