A few days ago, the General Data Protection Regulation (GDPR) was implemented, changing the way personal data is handled within the European Union (EU) and providing EU citizens with more control that data. The introduction of these additional rights have been pounced upon by a well-known Austrian activist, who has decided to file a complaint against some of the biggest names in tech.
Max Schrems, a European privacy campaigner and lawyer, has filed the complaints against Google, Facebook, Instagram, and WhatsApp, claiming their GDPR-related opt-ins are illegal because they force users to accept intrusive terms of service or lose access to the platforms, according to Reuters.
Schrems has been at war with Facebook for a number of years, winning a European court ruling in 2015 that put an end to the ‘Safe Harbour’ agreement which let companies transfer personal data from the EU to the US.
On the back of that decision, Facebook began using ‘Standard Contractual Contracts’(SCCs) to share data between the EU and the US, so Schrems turned his attention to fighting Facebook’s use of those instead. That case has been referred to the European Court of Justice by the Irish High Court.
Following his legal battles with Facebook, and with GDPR in mind, Schrems setup a non-profit called None of Your Business (noyb), which has launched the next wave of legal action.
The complaint levelled at Facebook this time around relates to its pop-up messages that ask users to consent to the use of their data. If the user refuses consent, they are then blocked from using their account, until they agree. A similar pop-up appears on the Facebook-owned platforms of Instagram and WhatsApp.
On the other hand, the action filed against Google relates to owners of new smartphones using its Android operating system being forced to agree to handing over their data or being barred from using the device.
The claims have been filed with data protection authorities in France, Belgium, Germany, and Austria.
While GDPR is already causing issues for some, they haven’t been able to focus entirely on the regulation due to another EU privacy law that could present them with even more of a problem.
The ePrivacy Regulation is currently under review by the Council of the European Union, following approval from European Parliament last year. It had been hoped that the law would go into effect this month but there have been internal disagreements over the regulation.
The regulation is aimed at specifically protecting the confidentiality of electronic communications and would force tech companies to ask for explicit permission before being able to place tracking codes on users’ devices or collecting data on their communications.
Out of fear over how the regulation could damage the industry, the likes of Facebook, Google, Microsoft, the Interactive Advertising Bureau (IAB) Europe, and others have been lobbying European Commission officials over ePrivacy.