Two years after it was formulated as a means to protect the online privacy of EU citizens, General Data Protection Regulation (GDPR) has finally come into effect in Europe, with the European Commission celebrating the occasion as the day when the continent finally started asserting its ‘Digital Sovereignty’. As can be seen from the embedded tweet below, the EC also claimed that it will now put ‘Europeans back in control of their data’.
Within hours of the new, stringent data protection regulations taking effect in the EU, a privacy group has filed complaints against Google and Facebook, accusing the two American tech giants of extracting ‘forced consent’.
Led by Austrian lawyer and privacy activist, Max Schrems, a group called NOYB (None Of Your Business) has filed a number of complaints against various online services from the two companies for allegedly using coercive tactics to force users into allowing the companies to process their data for financial gain.
To understand why the cases were filed, one has to know how the new regulations work in the first place. GDPR only allows companies to access user-data if they have valid legal grounds to do so, including court orders or voluntary consent. It is this second aspect that they are now being accused of misusing, with Schrems accusing the companies of providing users with a false choice.
“Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the ‘agree’ button–that’s not a free choice; it more reminds of a North Korean election process. Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases”
As can be seen, Schrems says that these companies are not even allowing their users to accesses the services unless they allow their data to be processed. Which is why, NOYB has lodged complaints with a variety of European privacy regulators ‘to enable European coordination’.
While the complaint against Android has been filed in France, the main complaint against Facebook has been registered in Austria. The cases against Instagram and WhatsApp, meanwhile, have been filed in Belgium and Germany respectively.
All tech companies have to comply with the new GDPR law in relation to data collection and compliance has proved complicated even with a two-year notice. While one such company, UnrollMe, decided that it will have to pull down the curtains on its EU business once the new regulations come into effect, a multitude of other companies, including many in India, have also expressed reservations about compliance and possible repercussions of failing to comply.