Facebook and Google accused of violating GDPR on first day of the new European Privacy Law
When Mark Zuckerberg testified in front of members of the European Parliament, he insisted that Facebook was ready for Friday, the day when the European Union’s strict new data privacy law went into effect. But users in Europe have already filed complaints against Facebook and others, saying the tech companies are in violation of the General Data Protection Regulation (GDPR).
The GDPR was passed in April 2016 and instituted stringent new rules on any company that held consumer data. User agreements, notorious for being long and complicated, are now supposed to be in plain language. And companies like Facebook and Google are supposed to let you know precisely what kind of data they’re collecting and/or selling about you.
The GDPR only went into effect on May 25, but complaints have already been filed against Google and Facebook, as well as WhatsApp and Instagram individually, which are both owned by Facebook.
So what are Facebook and Google allegedly doing to violate the GDPR? Privacy advocates in Europe say that instead of adhering to the letter of the law, companies aren’t really giving consumers a choice; you can either agree to let Facebook and Google collect enormous amounts of data on you, or you can delete their services. There is no middle ground.
“The GDPR explicitly allows any data processing that is strictly necessary for the service – but using the data additionally for advertisement or to sell it on needs the users’ free opt-in consent,” Max Schrems from the European Center For Digital Rights said in a statement.
Schrems refers to the pop-ups that users in European countries now see regularly, and points to the fact that there’s been no improvement in what would be called “informed consent” about what kind of data companies like Facebook and Google are collecting that they don’t necessarily “need” in order to provide you with their services.
“If companies realize that annoying pop-ups usually don’t lead to valid consent, we should also be free from this digital plague soon,” Schrems continued. “GDPR is very pragmatic on this point: whatever is really necessary for an app is legal without consent, the rest needs a free ‘yes’ or ‘no’ option.”
And aside from the simple desire to see companies adhere to the new legislation, advocates see compliance with GDPR as a way to tackle the virtual monopolies that the big tech companies currently have.
“The fight against forced consent ensures that the corporations cannot force users to consent,” said Schrems. “This is especially important so that monopolies have no advantage over small businesses.”
Google told the BBC that it’s “committed to complying with the EU General Data Protection Regulation” and Facebook has insisted that it’s spent the past 18 months getting prepared for GDPR. Google and Facebook did not immediately reply to Gizmodo’s request for comment.
Companies face incredibly strict fines if they’re found to be in violation of the GDPR, which would require some kind of audit to ensure their compliance. It’s not yet clear how soon European regulators will start actively enforcing the law, but companies had over two years to prepare for it. GDPR allows the EU to collect a maximum penalty of four percent of global revenue after the second violation, which would be in the billions of dollars for companies like Facebook and Google.
“We probably will not immediately have billions of penalty payments, but the corporations have intentionally violated the GDPR, so we expect a corresponding penalty under GDPR,” Schrems said.