Social media outlets are the targets of the first complaints filed under the EU’s General Data Protection Regulation, coming in hours after the regulation took effect on May 25.
The European consumer activist group NOYB, led by Max Schrems, who successfully brought suit that disqualified the US Safe Harbor, filed the complaints with data protection agencies in Austria, Belgium, France, and Germany by four unnamed private citizens (through NOYB).
NOYB, on behalf of the complainants, argues that the companies are in violation of the General Data Protection Regulation’s (GDPR’s) consent requirements. Under the GDPR, a data subject’s consent to collect personal data must be “freely given” and given for a specific purpose. NOYB argues that all of the companies at issue force users to consent to a broad range of data collection in order to use their basic services. For instance, the group alleges that a consumer who utilizes these services is forced to agree to a generalized privacy policy, with no option to continue using the service without consenting.
The complaints request that the relevant data protection agencies investigate the specific allegations and prohibit all processing operations that are based on the allegedly invalid consents. They also request the agencies to impose “effective, proportionate, and dissuasive fines" against each company. The maximum fine under the GDPR is 4% of a company’s gross revenue.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:
Philadelphia
Greg Parks
San Francisco
Reece Hirsch
Paris
Charles Dauthier
Frankfurt
Walter Ahrens
Washington, DC
Dr. Axel Spies