by Robbie Harb
Google and Facebook were hit with a combined £6.6bn in lawsuits on the first day of the General Data Protection Regulation (GDPR) enforcement.
The lawsuits were filed by Australian privacy activist Max Schrems, a longtime critic of tech firms’ nebulous data collection practices, who seeks damages of £3.4bn from Facebook and £3.2bn from Google.
The GDPR is a new EU regulation that changes how personal data can be collected and used. Under the previous rules, companies were free to collect, share and use customer data for targeted advertising without having to gain permission from their customers.
The new legislation requires companies to gain the explicit and informed consent of their customers before collecting or using their data. As a result, most of the data that was gathered by companies prior to the enforcement of GDPR cannot be used.
Both Facebook and Google have rolled out new policies and products in order to comply with the new regulation. But Schrems has argued that these do not go far enough. In particular, he has criticised the firms’ take it or leave it approach in which customers must agree to having their data used or are forced to delete their accounts.
He said: “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GPDR in most cases.”
GDPR allows companies to freely collect data on anything that is strictly necessary for the service to function, but requires firms to gain the consent of their customers for anything beyond this point. Schrems believes that Facebook and Google are masquerading optional data as necessary to their service, which he does not believe it is.
“It’s simple: anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no’,” said Schrems.
Both companies have disputed the charges, arguing that their new policies comply with GDPR requirements.
Google’s comment on the issue was that: “We build privacy and security into our products from the very earliest stages, and are committed to complying with the EU General Data Protection Regulation.”
Facebook’s statement read: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.”
Featured Image by harakir for Pixabay