Europe’s sweeping data protection law came into force on Friday. Legal experts say big tech companies are already violating the new rules. Facebook and its subsidiaries Whatsapp and Instagram, as well as Google, are facing lawsuits. This is due to failure to comply with the General Data Protection Regulation (GDPR).
Austrian lawyer and privacy activist, Max Schrems, filed some complaints. These complaints claim the companies forced members to consent to terms of service with a “take it or leave it” threat. The complaints could result in penalties worth up to 7 billion euros ($8.1 billion).
His non-profit organization NOYB states “Tons of ‘consent boxes’ popped up online or in applications, often combined with a threat, that the service cannot longer be used if the user(s) do not consent.”
Under the new regulation, companies are prohibited from “bundling” consent requests and must provide a way for users to decide which permissions they wish to grant. However, common sense dictates that some permissions cannot be unbundled without making the service non-functional — users cannot honestly expect to be able to use Facebook if they consent to have their personal information collected but not stored.
Erin Egan, Facebook’s chief privacy officer, said in a statement “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR, We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download and delete their information.” Egan also referred to a new feature Facebook announced earlier this month called “Clear History,” which will let users see the websites tracking their information and delete the data from their accounts.
In its own statement, Google said: “We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation. Over the last 18 months, we have taken steps to update our products, policies, and processes to provide users with meaningful data transparency and control across all the services that we provide in the EU.”
While Google and Facebook seem prepared to take on complaints, other American-based companies aren’t pressing their luck. Dozens of websites have started to simply block all visitors from the E.U. rather than face potential GDPR fines.