Facebook and Google have become the first ones to get hit with General Data Protection Regulation, Europe's new privacy and data protection framework.
Facebook, Google Slammed With $8.8 Billion Lawsuits
The GDPR came into effect on May 25, 2018, and on the very first day, the two tech behemoths were hit with $8.8 billion lawsuits over coercing users into sharing personal data.
European consumer rights organization Noyb, led by Austrian privacy activist and lawyer Max Schrems, has filed four separate lawsuits against Google's Android operating system, and Facebook, Instagram as well as WhatsApp, all of which are owned by Facebook.
In the lawsuit, Noyb has alleged that the companies have breached the law by forcing users into giving consent to share their personal data. The activist group claimed the companies asked users to agree to have their data collected, shared, and used for targeted advertising, or have their accounts deleted.
"Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the agree button - that's not a free choice, it more reminds of a North Korean election process," Schrems said in a statement.
If Facebook and Google are found guilty of violating the law, both companies could receive fines to the tune of 4 percent of their global revenue, which translates to about $4 billion dollars each.
What Is GDPR?
GDPR is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. It is a set of rules introduced with the intention to give citizens more control over their personal data and to simplify the regulatory environment for businesses in the digital age.
Even companies outside the EU and EEA are required to follow the regulations if they offer services in any of the 28 member states of the EU.
What Are Its Requirements?
Under the terms of GDPR, companies are not only required to take clear consent from users but also provide a justification while collecting any personal data from them.
Both Facebook and Google have rolled out new policies and products in compliance with GDPR, but Schrems argues that the new policies don't go far enough. The Austrian lawyer noted that the companies obtain consent for the privacy policies by forcing users into a "take it or leave it" choice in order to use the services, which is a clear violation of the GDPR rules.
The two companies have disputed the charges and argued that their existing measures were adequate to meet GDPR requirements.