The EU's General Data Protection Regulation goes live today, after what feels like a lifetime of build up. There hasn't been much time wasted in filing complaints, however, since dedicated Facebook privacy critic Max Schrems has already filed complaints levelled at Google and Facebook.
Schrems has filed four complaints on behalf of users, levelled at Facebook, Instagram, WhatsApp, and Google's Android, with regard to each service's 'take it or leave it' approach to data consent.
The argument is that both companies are using 'forced consent' to continue processing user data, when GDPR law requires users to be given the choice - excluding times when consent is a necessary part of supplying the service in question. Schrems said:
“It’s simple: Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no’.
“Facebook has even blocked accounts of users who have not given consent,” he adds. “In the end users only had the choice to delete the account or hit the “agree”-button — that’s not a free choice, it more reminds of a North Korean election process.”
If you've been on Facebook in the last couple of days, you'll know what he's talking about, Facebook pops up a box asking you to agree to a list of things - threatening to prevent you from using the service if you don't. Admittedly the information is far simpler than the usual T&Cs people agree to without reading, but there's little choice for the user. Seeing as how Facebook has become the go-to place for quick and easy communication between friends and family, it's not something you can just opt out of that easily.
Schrems also noted that smaller companies and start-ups don't have the same reach or power to use such demanding tactics, claiming there are competition factors GDPR enforcement needs to consider:
“The fight against forced consent ensures that the corporations cannot force users to consent. This is especially important so that monopolies have no advantage over small businesses.”
Speaking at the VivaTech conference in Paris, TechCrunch notes that Mark Zuckerberg claimed Facebook hasn't had to make any massive changes to comply with GDPR claiming that allowing users to take control of their data has been a core principle of Facebook's since the beginning. He also claimed that the "vast majority" of users were fine with targeted advertising, which requires the company to process user data.
Hmm. Well I assume plenty of people will agree when the choice is "say yes or get lost". We'll have to see how this plays out, and whether the EU is actually serious about enforcing the GDPR rules. If not, then then all this perp-work was for nothing and companies could easily just go back to whatever it is they were doing before. [TechCrunch]