Facebook and Google received multiple complaints of implementing improper data management approvals Thursday, the first day a new broad European Union law took effect.
The official objections come from Max Schrems, an Austrian critic of giant tech companies, who alleges that Facebook, its subsidiaries Instagram and WhatsApp, and Google (through its Android operating system), are employing “forced consent” tactics.
Schrems believes that rather than embracing the overarching ostensible ethos of the General Data Protection Regulation (GDPR), Facebook and Google are instead essentially threatening to remove their services if people don’t agree to continue giving permission for data usage.
The GDPR “is supposed to give users a free choice, whether they agree to data usage or not,” Schrems wrote in complaint filings. “The opposite feeling spread on the screens of many users: Tons of ‘consent boxes’ popped up online or in applications, often combined with a threat, that the service cannot longer be used if user do not consent.”
The complaints were filed with regulatory authorities in France, Germany, Austria, and Belgium.
“The European Union’s General Data Protection Regulation is the most significant policy change regarding data collection and retention in history,” Ryan Radia of the Competitive Enterprise Institute told The Daily Caller News Foundation. “The economic effects will include greater market concentration, as small firms and startups struggle to comply, and result in conflicting priorities for businesses, greater inconvenience for users, and reduced innovation around the globe.”
Schrems says that smaller companies like startups are the ones that are disadvantaged by Google and Facebook’s apparent strategy since they aren’t as able to strong-arm users.
It seems that a lot of entities aren’t ready for GDPR — which allows officials to exact hefty fines if they don’t abide by data protection rules — not just the two aforementioned tech companies.
A Reuters survey published in early May showed that the European regulators themselves feel ill-equipped to police big tech companies, especially since a lot are based in America and almost all operate internationally, thus simultaneously within the legal bounds of the EU as well as other countries. (RELATED: Europe Vs. Silicon Valley: How The Continent Is Responding To Big Tech’s Growing Power)
Several prominent U.S. news websites, for example, are reportedly unavailable in Europe because of a lack of GDPR compliance. Around a year ago, 61 percent of privacy professionals said in a survey that they had not started the process of readying themselves for GDPR, and it’s not clear how much that number has changed since Friday.
Schrems wants to hold them accountable, although arguments he has made in the past haven’t held up. The highest court for the EU, a governing body that is for the most part more harsh when it comes to oversight of the private sector, ruled in January that Schrems’ complaint is not legally valid. The privacy activist wanted Facebook to pay each one of the roughly 25,000 signees of his class action lawsuit 500 euros for allegedly misusing their personal data.
The European Court of Justice threw out the case in January, arguing that Schrems could only file the suit on behalf of himself, something Schrems said he planned on doing after.
“We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation,” a Google spokeswoman told TheDCNF. “Over the last 18 months, we have taken steps to update our products, policies and processes to provide users with meaningful data transparency and control across all the services that we provide in the EU.”
Facebook did not respond to TheDCNF’s request for comment in time of publication.
Send tips to email@example.com.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.