Europe’s new privacy framework, the General Data Protection Regulation (GDPR), is now being applied — and long time Facebook privacy critic, Max Schrems, has wasted no time in filing four complaints relating to (certain) companies’ ‘take it or leave it’ stance when it comes to consent.
The Austrian lawyer’s non-profit organization NOYB filed complaints against Google, Facebook and Facebook-owned services WhatsApp and Instagram on Friday. The complaints could result in penalties worth up to 7 billion euros ($8.1 billion).
Schrems alleged that the companies “forced consent” from users to obtain the right to use their data and comply with the European Union’s General Data Protection Regulation (GDPR).
GDPR, which was implemented on Friday, means that firms must obtain explicit consent from customers in order to user their data. It also lets people request to see all the data firms have on them and to have that data deleted.
“Facebook has even blocked accounts of users who have not given consent,” Schrems said. “In the end, users only had the choice to delete the account or hit the ‘agree’ button — that’s not a free choice, it more reminds (me) of a North Korean election process.”
The idea of “forced consent” was expected to be a focus of privacy advocates. Their argument is that the internet companies should offer their services without making consumers “accept” data collection for targeted advertising.
GDPR threatens to fine firms up to 4 percent of global annual turnover or 20 million euros ($23.4 million) — whichever is bigger — for violations.
However, GDPR does allow companies to collect and use data if it is essential to the operation of their businesses. If the data really has to be processed in order to deliver the company’s services, then that’s a valid legal justification in itself. For example, an email service doesn’t need to get consent in order to send and deliver people’s emails. Consent is only needed when the company is trying to do other things with that data, such as using it to make money from advertisers.
Privacy laws are nothing new in Europe but robust enforcement of them would certainly be a breath of fresh air. And now at least, thanks to GDPR, there’s a penalties structure in place to provide incentives as well as teeth, and spin up a market around strategic litigation — with Schrems and noyb in the vanguard.
Facebook, in particular, has come under scrutiny regarding the way it handles user data following the Cambridge Analytica scandal. The social network has admitted that the data of 87 million users was improperly shared with the controversial political data analytics company. The scandal has heightened concerns that the use of personal data and targeted advertising on social media may have swayed the results of elections.