News & Politics

Facebook and Google Slapped with $8.8 Billion in Lawsuits on First Day of GDPR

Avaaz campaigners hold a banner in front of 100 cardboard cutouts of the Facebook founder and CEO stand outside the U.S. Capitol, before Mark Zuckerberg testifies before the Senate, in Washington on Tuesday, April 10, 2018. (Kevin Wolf/AP images for AVAAZ)

Europe’s General Data Protection Regulation (GDPR) has just gone into effect, which is the reason we’ve been getting a deluge of new privacy policies in our email. Because most companies don’t want to offer two different services, one for Europe and one for the rest of the world, we get the benefit of Europe’s stricter privacy requirements. Among its benefits, the new GDPR requires users to be able to opt out of giving up personal information.

On Friday, a long-time Austrian privacy advocate and critic of Facebook, Max Schrems, filed four complaints relating to a number of companies that offer a take it or leave it choice rather than an opt-out option.

The complaints were filed against Facebook, Facebook-owned Instagram and WhatsApp, and Google Android. The Facebook complaints are for  $3.9 billion, while the Google Android complaint was for $3.7 billion.

Schrems claims that these companies require forced consent, while the law requires that users be given a free choice unless the consent is absolutely needed for the product to function.  He believes it applies to Facebook because the Facebook product is a social networking site and not a service for acquiring personal data.

Schrems argues, “It’s simple: Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no.'”

If a Facebook user refuses to give consent, the company blocks that user’s account. He says, “In the end, users only had the choice to delete the account or hit the ‘agree’ button — that’s not a free choice, it more reminds of a North Korean election process.”

Facebook’s privacy officer, Erin Egan, responded with this somewhat convoluted statement: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people’s privacy doesn’t stop on May 25th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us information when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward.”

While it’s unclear how strong Schrem’s case is, we can thank the Europeans for providing more transparency and more options for protecting our personal data.