Privacy activists have wasted no time testing Europe’s new data rules, filing lawsuits against the Google and Facebook on Day One of GDPR enforcement.
The complaints are spearheaded by Austrian lawyer Max Schrems, who has a history of legal action against Facebook, including a successful lawsuit that challenged Facebook’s ability to transfer data from the EU to the US.
In preparation for GDPR, Schrems set up an organisation called NOYB (None of your business) which last Friday filed four lawsuits against Google’s Android operating system, Facebook, Whatsapp and Instagram.
The four claims, lodged with data protection authorities in France, Belgium, Germany and Austria, take aim at the way the internet giants gain consent, arguing they are coercing users into sharing their data.
NOYB specifically cites pop-up boxes which ask users to consent to their terms in order to continue using the service.
The group argues that under the GDPR, access to services can no longer depend on whether a user consents to the use of their data.
Breaches of the new privacy laws can result in fines up to 20 million euros or 4 per cent of global revenue, whichever is higher. In Facebook’s case that could run to 1.3 billion euros for each complaint and 3.4 billion euros for Google.
“So far it was cheaper just to ignore privacy rights,” Schrems told Reuters. “Now, hopefully, it’s going to be cheaper to follow them because the penalties are so high.”
Both Google and Facebook dispute the claims. Google issued a statement to media stating: “We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation.”
While Facebook said: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.”
Outlines of each complaint can be found here.