Facebook and Google may be fined BILLIONS for ‘ignoring GDPR rules’

Facebook and Google may already have fallen foul of European privacy laws which took effect today, in a move that critics say could cost the companies billions.

Firms that collect or process personal information online must now comply with new General Data Protection Regulation (GDPR) rules.

Companies should be informing their customers about the new regulations and giving them the choice of whether to continue giving them access to their data – but still be able to use their sites if they don’t.

Campaigners say that Facebook, Google, Instagram and WhatsApp are breaking the terms of GDPR by threatening customers and suggesting they will be unable to use their sites unless they agree to share their data.

Campaign group NOYB.EU says it has filed legal complaints about this behaviour.

 

Privacy group NOYB.EU has taken issue over the way the firms obtain users’ consent under the new EU rules. Max Schrems, a veteran of legal fights against Facebook and chair of the group, said this amounts to ‘forced consent’, which is prohibited by GDPR

In a statement today, the Austrian-based group argued that the companies are making users’ consent to their new terms of service a requirement if they want to continue using the service.

Those who object have to delete their account.

Max Schrems, a veteran of legal fights against Facebook and chair of the privacy group, said this amounts to ‘forced consent’, which is strictly prohibited under GDPR.  

The law marks the biggest overhaul of personal data privacy rules since the birth of the internet, designed to give users a free choice, whether they agree to data usage or not.

NOYB.EU says that the opposite feeling has spread on the screens of many users.

On the first day of GDPR NOYB.EU has therefore filed four complaints against Google, Facebook, WhatsApp and Instagram over ‘forced consent’.

According to the group, these are the following cases filed, their jurisdictions and anticipated fines:  Google, in CNIL, France, € 3.7bn (£3.2bn / $4.3bn); Instagram, DPA, Belgium,€ 1.3bn (£1.2bn / $1.5bn); WhatsApp HmbBfDI, Hamburg, € 1.3bn (£1.2bn / $1.5bn).

WHAT IS THE MAXIMUM FINE EACH FIRM TARGETED BY NOYB.EU UNDER GDPR MIGHT ATTRACT?

The new General Data Protection Regulation (GDPR) which came into force on May 25 is designed to give users a free choice, whether they agree to data usage or not.

Austrian based data protection campaign group NOYB.EU – which stands for ‘none of your business’ – says that the opposite feeling has spread on the screens of many users.

It says thousands of ‘consent boxes’ have popped up online or in applications, often combined with a threat, that the service cannot longer be used if users do not consent. 

On the first day of GDPR noyb.eu has therefore filed four complaints against Google (Android), Facebook, WhatsApp and Instagram over ‘forced consent’.

According to the group, these are the following cases filed, their jurisdictions and anticipated fines:

CASES FILED 
Company Authority Maximum Penalty
Google (Android) CNIL (France) € 3.7bn (£3.2bn / $4.3bn)
Instagram DPA (Belgium) € 1.3bn (£1.2bn / $1.5bn)
WhatsApp HmbBfDI (Hamburg) € 1.3bn (£1.2bn / $1.5bn) 
Facebook DSB (Austria) € 1.3bn (£1.2bn / $1.5bn) 

Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. 

Further, the controller must provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. 

The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent. 

This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.

 Facebook and Google may already have fallen foul of European privacy laws which took effect today, in a move that could cost the companies billions, activists say. This is the latest in a growing list of criticisms levelled against Mark Zuckerberg's firm

 Facebook and Google may already have fallen foul of European privacy laws which took effect today, in a move that could cost the companies billions, activists say. This is the latest in a growing list of criticisms levelled against Mark Zuckerberg’s firm

WHAT CHANGES IS FACEBOOK MAKING TO COMPLY WITH THE EU’S GENERAL DATA PROTECTION REGULATION?

The European Union’s General Data Protection Regulation (GDPR) will enter into force on May 25, 2018 and offer greater privacy protection online.

New terms of service at Facebook are designed to ensure the Menlo Park, California, firm complies with the forthcoming EU rules, with European residents seeing the measures first.

Facebook is hoping to exclude 1.5 billion of its worldwide users from the new GDPR laws, arguing that only EU citizens should fall under its purview.

Almost 1.9 billion non-EU international users, outside of the US and Canada, would be protected by the stricter law under current rules.

Members in Africa, Asia, Australia and Latin America would be excluded from the GDPR’s protections if the move goes ahead.

Under the new policy, Facebook users will be asked to review and make choices about ads they receive, including whether they want Facebook to use data from third parties.

Facebook will begin to ask users if they want to opt in or out of its facial recognition feature, which is making a return under GDPR.

They will also be asked to review and choose what to share about sensitive personal data. This will include their political and religious beliefs, as well as relationship status information on their profiles.

Facebook is also taking steps to comply with rules that limit advertising and public viewing of data for teens.

This will mean no use of facial recognition for anyone under age 18 and limitations on who can see certain information teens have shared.

To comply with GDPR, Facebook will also limit what it shows to users between the ages of 13 and 15 unless they get permission from a parent. 

The rollout has been welcomed but is also causing confusion.

Companies are trying to understand what level of protection different data needs, whether this could force them to change the way they do business and innovate, and how to manage the EU’s 28 national data regulators, who enforce the law.

That uncertainty, together with stiff penalties for violating the law, has convinced internet-based businesses such as Unroll.me, an inbox management firm, and gaming company Ragnarok Online to block EU users from their sites. U.S. retailer Pottery Barn said it would no longer ship to EU addresses. 

Earlier today, The Los Angeles Times said it was freezing readers in parts of Europe out of its website as new privacy rules come into force across the European Union.

Web users in Germany who visited the site got a notice saying the L.A. Times is ‘engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.’

It added that the company is trying to ‘identify technical compliance solutions that will provide all readers with our award-winning journalism.’

No further details were provided.

A group that campaigns for data protection rights says it has filed legal complaints against Google, Facebook, Instagram and WhatsApp over their handling of GDPR

Four of the largest social media sites, including Facebook, may already have fallen foul of European privacy laws which took effect today

The group campaigns for data protection rights and says it has filed legal complaints against Google, Facebook, Instagram and WhatsApp over their handling of GDPR. The group claims its action could force the US internet giants to pay up to €7 billion (£6.1 / $8.2 billion)

WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?

The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25, 2018.

It aims to strengthen and unify data protection for all individuals within the European Union (EU).

This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.

The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.

Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.

The European Union's General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25. It aims to  crack down on how companies like Google and Facebook use and sell the data they collect on their users

The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25. It aims to crack down on how companies like Google and Facebook use and sell the data they collect on their users

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. 

Further, the controller must provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. 

The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent. 

This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.

Companies worldwide have been sending their customers notices in recent days informing about changes to their terms of service, as part of efforts to comply with the new European rules, known as the General Data Protection Regulation.

The new data privacy law has some Europeans scratching their heads over what to do.

In Finland, the government says it has been contacted by households asking whether the law means they can no longer email invitations for a child’s birthday party.

The Finnish Justice Ministry’s Anu Talus told broadcaster YLE that the data privacy rules do not affect private households. The law only affects data that is intended for professional or commercial activities.

The broadcaster tody listed another case that had citizens puzzled. 

Should timetables for users of Finnish saunas, which show residents’ names, be removed from the facility? 

Finland’s Data Protection Ombudsman Reijo Aarnio said that was a ‘typical issue of interpretation,’ adding it was probably fine to assume that a sauna schedule can be visible.

‘Happy GDPR day everyone!’ Twitter rejoices as new data protection rules FINALLY come into force bringing an end to a ‘torrent’ of spam emails from companies (but dozens of US websites BLOCK European users) 

Britons are among the Europeas rejoicing today after the slew of GDPR emails clogging up their inboxes for weeks finally stopped.

Many are wishing friends ‘Happy GDPR day’ while others exulted in their quiet email accounts after receiving hundreds of messages in recent days as businesses rushed to meet last night’s midnight EU deadline.

Social media has been swamped with people exhausted by the amount of spam they have been sent before today and now their relief that the deluge is over. 

Brussels says GDPR is the most important change to data privacy rules in 20 years. 

It is meant to give people more control over how their personal information is used, find out who has their details and also new rights to ensure they are deleted.

Companies have been bombarding customers with emails – sometimes several times per day – asking them to opt in because they face fines of up to £18million. 

Non-EU businesses must also comply and some have blocked customers in Europe from using their websites or shut them down completely to avoid any heavy penalties. 

Britons are celebrating today as the great GDPR onslaught of 2018 ended as the EU's deadline passed

Britons are celebrating today as the great GDPR onslaught of 2018 ended as the EU’s deadline passed

Non-EU businesses must also comply and some have blocked customers in Europe from using their websites or shut them down completely to avoid any heavy penalties

Non-EU businesses must also comply and some have blocked customers in Europe from using their websites or shut them down completely to avoid any heavy penalties

A&E Networks, which is owned by Hearst and Disney and runs history.com, has also blocked EU visitors

A&E Networks, which is owned by Hearst and Disney and runs history.com, has also blocked EU visitors

In America IT experts are cashing in on the fear GDPR has caused by offering to ‘geo-block’ all European customer for a fee.  

Mobile advertising company Verve, which set up in Europe two years ago, is shutting down its offices in London and Munich rather than deal with the new privacy regime.

It laid off around 15 staff on May 11, according to The Drum. 

Popular email unsubscription service Unroll.Me has also stopped working in Europe while it works out how to comply with the new rules.

Gamers have also been hit because of GDPR.  

Online games Ragnarok and Super Monday Night Combat are shutting down servers for European users because it the cost of complying is too high to keep going.

The Tunngle Service gaming platform has also closed. 

A&E Networks, which is owned by Hearst and Disney and runs history.com, has also blocked EU visitors. 

Some news websites are also blocking European readers.   

Titles belonging to the publishing company Tronc, which also include the Chicago Tribune and Baltimore Sun, are showing the message: ‘We are currently unavailable in most European countries’. 

Dozens of websites have temporarily shut down in Europe with Britons unable to access them as new data protection rules come into force today.

The new General Data Protection Regulation (GDPR) give people in the EU new powers to access and control their personal data, as well as giving regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it. 

But American news websites including the New York Daily News and Los Angeles Times are among those which have temporarily shut down in Europe as the new law is rolled out. 

Many are wishing friends 'Happy GDPR day everyone' while others exulted in their quiet email accounts after receiving hundreds of messages in recent days

Many are wishing friends ‘Happy GDPR day everyone’ while others exulted in their quiet email accounts after receiving hundreds of messages in recent days

The page URLs include the term GDPR, referring to the new General Data Protection Regulation, which comes into effect today promising to bolster consumer rights. 

Meanwhile USA Today said it was directing British users to its ‘European Union Experience’ which was compliant with the new data protection rules.   

TIME magazine and the Washington Post required users in the European Union to agree to new terms of service.

The GDPR gives people in the EU new powers to access and control their personal data, and gives regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.  

Consumers have faced a torrent of emails asking them to opt in to further messages from companies required to comply with the GDPR. 

Internet companies that track users online, whether for shopping, banking or other reasons, are set to face significant scrutiny. 

The new rules require that they have specific justification, such as consent, for using personal information.  

Microsoft CEO Satya Nadella said on Thursday that ‘with GDPR, we will now have to operate recognizing that privacy is a human right’.

Microsoft said this week it would apply European data rights to all its clients worldwide.

Facebook CEO Mark Zuckerberg, also speaking at the conference, said GDPR means adding some controls, but he insisted it is ‘not a massive departure’ from what Facebook does.    

Popular email unsubscription service Unroll.Me has also stopped working in Europe while it works out how to comply with the new rules

Popular email unsubscription service Unroll.Me has also stopped working in Europe while it works out how to comply with the new rules

Some American news websites have temporarily shut down in Britain as GDPR takes effect

Some American news websites have temporarily shut down in Britain as GDPR takes effect

The Los Angeles Times is among the titles in the Tronc group not appearing in the UK

The Los Angeles Times is among the titles in the Tronc group not appearing in the UK

The New York Daily News and other titles belonging to Tronc were among those affected

The New York Daily News and other titles belonging to Tronc were among those affected

TIME magazine was among the websites which allowed users access if they agreed to terms

TIME magazine was among the websites which allowed users access if they agreed to terms



Read more at DailyMail.co.uk