Facebook and Google may already have fallen foul of European privacy laws which took effect today, in a move that critics say could cost the companies billions.
Firms that collect or process personal information online must now comply with new General Data Protection Regulation (GDPR) rules.
Companies should be informing their customers about the new regulations and giving them the choice of whether to continue giving them access to their data – but still be able to use their sites if they don’t.
Campaigners say that Facebook, Google, Instagram and WhatsApp are breaking the terms of GDPR by threatening customers and suggesting they will be unable to use their sites unless they agree to share their data.
Campaign group NOYB.EU says it has filed legal complaints about this behaviour.
Privacy group NOYB.EU has taken issue over the way the firms obtain users’ consent under the new EU rules. Max Schrems, a veteran of legal fights against Facebook and chair of the group, said this amounts to ‘forced consent’, which is prohibited by GDPR
In a statement today, the Austrian-based group argued that the companies are making users’ consent to their new terms of service a requirement if they want to continue using the service.
Those who object have to delete their account.
Max Schrems, a veteran of legal fights against Facebook and chair of the privacy group, said this amounts to ‘forced consent’, which is strictly prohibited under GDPR.
The law marks the biggest overhaul of personal data privacy rules since the birth of the internet, designed to give users a free choice, whether they agree to data usage or not.
NOYB.EU says that the opposite feeling has spread on the screens of many users.
On the first day of GDPR NOYB.EU has therefore filed four complaints against Google, Facebook, WhatsApp and Instagram over ‘forced consent’.
According to the group, these are the following cases filed, their jurisdictions and anticipated fines: Google, in CNIL, France, € 3.7bn (£3.2bn / $4.3bn); Instagram, DPA, Belgium,€ 1.3bn (£1.2bn / $1.5bn); WhatsApp HmbBfDI, Hamburg, € 1.3bn (£1.2bn / $1.5bn).
Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
Further, the controller must provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent.
This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.
Facebook and Google may already have fallen foul of European privacy laws which took effect today, in a move that could cost the companies billions, activists say. This is the latest in a growing list of criticisms levelled against Mark Zuckerberg’s firm
The rollout has been welcomed but is also causing confusion.
Companies are trying to understand what level of protection different data needs, whether this could force them to change the way they do business and innovate, and how to manage the EU’s 28 national data regulators, who enforce the law.
That uncertainty, together with stiff penalties for violating the law, has convinced internet-based businesses such as Unroll.me, an inbox management firm, and gaming company Ragnarok Online to block EU users from their sites. U.S. retailer Pottery Barn said it would no longer ship to EU addresses.
Earlier today, The Los Angeles Times said it was freezing readers in parts of Europe out of its website as new privacy rules come into force across the European Union.
Web users in Germany who visited the site got a notice saying the L.A. Times is ‘engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.’
It added that the company is trying to ‘identify technical compliance solutions that will provide all readers with our award-winning journalism.’
No further details were provided.
The group campaigns for data protection rights and says it has filed legal complaints against Google, Facebook, Instagram and WhatsApp over their handling of GDPR. The group claims its action could force the US internet giants to pay up to €7 billion (£6.1 / $8.2 billion)
WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25, 2018.
It aims to strengthen and unify data protection for all individuals within the European Union (EU).
This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.
The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.
Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25. It aims to crack down on how companies like Google and Facebook use and sell the data they collect on their users
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
Further, the controller must provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent.
This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.
Companies worldwide have been sending their customers notices in recent days informing about changes to their terms of service, as part of efforts to comply with the new European rules, known as the General Data Protection Regulation.
The new data privacy law has some Europeans scratching their heads over what to do.
In Finland, the government says it has been contacted by households asking whether the law means they can no longer email invitations for a child’s birthday party.
The Finnish Justice Ministry’s Anu Talus told broadcaster YLE that the data privacy rules do not affect private households. The law only affects data that is intended for professional or commercial activities.
The broadcaster tody listed another case that had citizens puzzled.
Should timetables for users of Finnish saunas, which show residents’ names, be removed from the facility?
Finland’s Data Protection Ombudsman Reijo Aarnio said that was a ‘typical issue of interpretation,’ adding it was probably fine to assume that a sauna schedule can be visible.
‘Happy GDPR day everyone!’ Twitter rejoices as new data protection rules FINALLY come into force bringing an end to a ‘torrent’ of spam emails from companies (but dozens of US websites BLOCK European users)
Britons are among the Europeas rejoicing today after the slew of GDPR emails clogging up their inboxes for weeks finally stopped.
Many are wishing friends ‘Happy GDPR day’ while others exulted in their quiet email accounts after receiving hundreds of messages in recent days as businesses rushed to meet last night’s midnight EU deadline.
Social media has been swamped with people exhausted by the amount of spam they have been sent before today and now their relief that the deluge is over.
Brussels says GDPR is the most important change to data privacy rules in 20 years.
It is meant to give people more control over how their personal information is used, find out who has their details and also new rights to ensure they are deleted.
Companies have been bombarding customers with emails – sometimes several times per day – asking them to opt in because they face fines of up to £18million.
Non-EU businesses must also comply and some have blocked customers in Europe from using their websites or shut them down completely to avoid any heavy penalties.
Britons are celebrating today as the great GDPR onslaught of 2018 ended as the EU’s deadline passed
Non-EU businesses must also comply and some have blocked customers in Europe from using their websites or shut them down completely to avoid any heavy penalties
A&E Networks, which is owned by Hearst and Disney and runs history.com, has also blocked EU visitors
In America IT experts are cashing in on the fear GDPR has caused by offering to ‘geo-block’ all European customer for a fee.
Mobile advertising company Verve, which set up in Europe two years ago, is shutting down its offices in London and Munich rather than deal with the new privacy regime.
It laid off around 15 staff on May 11, according to The Drum.
Popular email unsubscription service Unroll.Me has also stopped working in Europe while it works out how to comply with the new rules.
Gamers have also been hit because of GDPR.
Online games Ragnarok and Super Monday Night Combat are shutting down servers for European users because it the cost of complying is too high to keep going.
The Tunngle Service gaming platform has also closed.
A&E Networks, which is owned by Hearst and Disney and runs history.com, has also blocked EU visitors.
Some news websites are also blocking European readers.
Titles belonging to the publishing company Tronc, which also include the Chicago Tribune and Baltimore Sun, are showing the message: ‘We are currently unavailable in most European countries’.
Dozens of websites have temporarily shut down in Europe with Britons unable to access them as new data protection rules come into force today.
The new General Data Protection Regulation (GDPR) give people in the EU new powers to access and control their personal data, as well as giving regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.
But American news websites including the New York Daily News and Los Angeles Times are among those which have temporarily shut down in Europe as the new law is rolled out.
Many are wishing friends ‘Happy GDPR day everyone’ while others exulted in their quiet email accounts after receiving hundreds of messages in recent days
The page URLs include the term GDPR, referring to the new General Data Protection Regulation, which comes into effect today promising to bolster consumer rights.
Meanwhile USA Today said it was directing British users to its ‘European Union Experience’ which was compliant with the new data protection rules.
TIME magazine and the Washington Post required users in the European Union to agree to new terms of service.
The GDPR gives people in the EU new powers to access and control their personal data, and gives regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.
Consumers have faced a torrent of emails asking them to opt in to further messages from companies required to comply with the GDPR.
Internet companies that track users online, whether for shopping, banking or other reasons, are set to face significant scrutiny.
The new rules require that they have specific justification, such as consent, for using personal information.
Microsoft CEO Satya Nadella said on Thursday that ‘with GDPR, we will now have to operate recognizing that privacy is a human right’.
Microsoft said this week it would apply European data rights to all its clients worldwide.
Facebook CEO Mark Zuckerberg, also speaking at the conference, said GDPR means adding some controls, but he insisted it is ‘not a massive departure’ from what Facebook does.
Popular email unsubscription service Unroll.Me has also stopped working in Europe while it works out how to comply with the new rules
Some American news websites have temporarily shut down in Britain as GDPR takes effect
The Los Angeles Times is among the titles in the Tronc group not appearing in the UK
The New York Daily News and other titles belonging to Tronc were among those affected
TIME magazine was among the websites which allowed users access if they agreed to terms