Europe’s sweeping new data privacy regime came into effect this morning, and privacy activists are not wasting time in flexing their muscles. One organization has already made official data protection complaints about Google, Facebook, WhatsApp and Instagram, while another is going after the shadowy data brokers that trade people’s information behind the scenes.
The complaints about Google, Facebook and Facebook’s subsidiaries come from a group called None Of Your Business (NOYB)–a non-profit founded by the very successful serial Facebook litigant Max Schrems. Schrems, the Austrian lawyer who annihilated the U.S.-EU Safe Harbor data-sharing agreement a few years ago, formed the crowdfunded NOYB in order to take on big tech firms that break the EU’s new General Data Protection Regulation (GDPR.)
The new law only lets companies process people’s data if they have a valid legal basis for doing so. Several justifications are acceptable, and consent is one of the most frequently-chosen options. However, users have to be able to freely give their consent–the law says people can’t be forced into consenting to their data being processed, in order to use a service.
According to Schrems and his NOYB group, Google and Facebook are railroading users in this way.
“Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the ‘agree’ button-that’s not a free choice; it more reminds of a North Korean election process,” said Schrems in a statement. “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases.”
So NOYB has lodged complaints with a variety of European privacy regulators, “to enable European coordination.” One complaint, covering the consent requirements of Google’s Android, has been filed in France. The main Facebook complaint has been filed in Austria, while those for Instagram and WhatsApp are in the inboxes of the Belgian and Hamburg regulators respectively.
In case you’re wondering how a company is supposed to deliver a service without users giving their consent to their personal data being processed, here’s the deal: If the data really has to be processed in order to deliver the company’s services, then that’s a valid legal justification in itself. For example, an email service doesn’t need to get consent in order to send and deliver people’s emails. Consent is only needed when the company is trying to do other things with that data, such as using it to make money from advertisers.
Schrems and his non-profit argue that, if their complaints are successful, the victory should put an end to all those annoying consent popups that many companies think the GDPR demands.
“If companies realize that annoying pop-ups usually don’t lead to valid consent, we should also be free from this digital plague soon,” he said. “GDPR is very pragmatic on this point: Whatever is really necessary for an app is legal without consent, the rest needs a free ‘yes’ or ‘no’ option.”
Google and Facebook had not responded to requests for comment at the time of writing.
Meanwhile, a separate group in the U.K.–Privacy International–has launched an investigation into the companies that do behind-the-scenes trading of personal data.
The organization has sent letters to firms like Acxiom, Criteo and Quantcast, asking them how they handle personal data. The GDPR is pretty firm on this stuff–people are supposed to know when a company has their data, and companies are not supposed to be using that data to build profiles of people if that’s not the case.
“We welcome GDPR taking effect,” said Privacy International legal officer Ailidh Callander. “It’s been a long time coming, and GDPR is an important step in the right direction, providing essential safeguards to our human rights to privacy and data protection, by imposing more stringent obligations on companies, strengthening rights of individuals, and increasing enforcement powers. GDPR is a key tool to empower individuals, civil society, and journalists to fight against data exploitation.”
The GDPR threatens companies with massive fines for breaking its many terms–up to EUR20 million ($ 23.4 million) or 4% of global revenues, whichever is bigger. While these are big, scary figures, though, it is deeply unlikely that fines will be that high in any but the most egregious cases.
SPECIAL NEWS BULLETIN:
http://www.acrx.org -As millions of Americans strive to deal with the economic downturn,loss of jobs,foreclosures,high cost of gas,and the rising cost of prescription drug cost. Charles Myrick ,the President of American Consultants Rx, announced the re-release of the American Consultants Rx community service project which consist of millions of free discount prescription cards being donated to thousands of not for profits,hospitals,schools,churches,etc. in an effort to assist the uninsured,under insured,and seniors deal with the high cost of prescription drugs.-American Consultants Rx -Pharmacy Discount Network News
Click today to request your free ACRX discount prescription card and save up to 80% off of your medicine!
SPECIAL DONATION REQUEST UPDATE:
Please help American Consultants Rx achieve it’s biggest goal yet of donating over 30 million discount prescription cards to over 50k organizations in an effort to assist millions of Americans in need. Please click here to donate today!