×

Facebook, Google face complaints worth $8 billion over alleged breach of new EU data law

  • Max Schrems' non-profit organization NOYB filed complaints against Google, Facebook and Facebook-owned services WhatsApp and Instagram.
  • Schrems alleged that the companies "forced consent" from users to obtain the right to use their data and comply with the EU's GDPR.
  • Schrems accused Facebook and Google of not giving users a "free choice" to agree to the tech firms using their data.
Facebook and Google logos
Peter Foley/Bloomberg | Getty Images
Facebook and Google logos

Privacy activist Max Schrems has wasted no time making use of Europe's new data protection law to target the giants of Silicon Valley.

The Austrian lawyer's non-profit organization NOYB filed complaints against Google, Facebook and Facebook-owned services WhatsApp and Instagram on Friday. The complaints could result in penalties worth up to 7 billion euros ($8.1 billion).

Schrems alleged that the companies "forced consent" from users to obtain the right to use their data and comply with the European Union's General Data Protection Regulation (GDPR).

GDPR, which was implemented on Friday, means that firms must obtain explicit consent from customers in order to user their data. It also lets people request to see all the data firms have on them and to have that data deleted.

"Facebook has even blocked accounts of users who have not given consent," Schrems said. "In the end, users only had the choice to delete the account or hit the 'agree' button — that's not a free choice, it more reminds (me) of a North Korean election process."

GDPR threatens to fine firms up to 4 percent of global annual turnover or 20 million euros ($23.4 million) — whichever is bigger — for violations.

Austrian lawyer and privacy activist Max Schrems.
Joe Klamar | AFP
Austrian lawyer and privacy activist Max Schrems.

Various companies have been sending out emails notifying people of the changes to the law in Europe and have been asking users to give their consent to stay on mailing lists.

Schrems accused Facebook and Google of not giving users a "free choice" to agree to the tech firms using their data.

It's not the first time Schrems has challenged Facebook. Europe's highest court sided with him in 2015, ruling that an EU-U.S. data sharing agreement was illegal. The case came on the back of revelations from former U.S. National Security Agency contractor Edward Snowden about global surveillance programs run by the NSA and other intelligence agencies.

"We have prepared for the past 18 months to ensure we meet the requirements of the GDPR," Erin Egan, Facebook's chief privacy officer, said in a statement. "We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download and delete their information."

Egan referred to a new feature Facebook announced earlier this month called "Clear History," which will let users see the websites tracking their information and delete the data from their accounts.

A Google spokesperson said in a statement: "We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation.

"Over the last 18 months, we have taken steps to update our products, policies and processes to provide users with meaningful data transparency and control across all the services that we provide in the EU."

Facebook, in particular, has come under scrutiny regarding the way it handles user data following the Cambridge Analytica scandal. The social network has admitted that the data of 87 million users was improperly shared with the controversial political data analytics company. The scandal has heightened concerns that the use of personal data and targeted advertising on social media may have swayed the results of elections.