Google and Facebook accused of breaking GDPR laws
There have been complaints filed against Facebook, Google, Instagram and WhatsApp within hours of the new GDPR data protection law taking effect.
These companies are accused of forcing users to consent to targeted advertising to use the services. The privacy group noyb.eu led by activist Max Schrems said people were not being given a free choice. If complaints are upheld, the websites may be forced to change how they operate, and they could be fined.
What is the issue?
General Data Protection Regulation (GDPR) is a new EU law that changes how personal data can be collected and used, even companies based outside the EU must follow the new rules if offering their services in the EU.
The noyb.eu argues that the named companies are in breach of GDPR because they have adopted a ‘take it or leave it to approach‘.
The advocate group says customers must agree to have their data collected, shared and used for targeted advertising, or delete their accounts.
The regulators suggest, falls foul of the new rules because forcing people to accept wide-ranging data collection in exchange for using a service is prohibited under GDPR.
‘The GDPR clearly allows any data processing that is strictly necessary for the service but using the data additionally for advertisement or to sell it on needs the user’s free opt-in consent,’ said noyb.eu in a statement.
The GDPR is very pragmatic on this point; whatever is really necessary for an app is legal without consent, the rest needs a free ‘yes’ or ‘no’ option.
So many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases. The complaints were actually filed by four EU citizens with local regulators in Austria, Belgium, France and Germany. Privacy advocate Max Schrems stated.
The Analysts and regulators had expected complaints to be filed shortly after the introduction of the law, as organisations and privacy advocates argue over how the law should be interpreted.
Most companies based outside the EU have temporarily blocked their services across Europe to avoid falling foul of the new legislation. However, Twitter has introduced granular controls that let people opt out of targeted advertising. Companies that fall foul of GDPR can be in extreme cases fined more than £17m and that is a huge fine.
Facebook said in a statement that it had spent 18 months preparing to make sure it met the requirements of GDPR While Google also said that they have built privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation.
WhatsApp and Instagram are yet to say anything regarding the GDPR.