Apple and Amazon are among eight technology firms named in a complaint filed in Austria by the non-profit organisation noyb (‘none of your business’), which cited their failure to comply with the European Union’s General Data Protection Regulation (GDPR).
The action by noyb, chaired by data privacy activist Max Schrems, also named Netflix, Spotify and YouTube, after it tested them by requesting private data the companies hold about the user. “No service fully complied,” noyb said in its statement.
The GDPR, implemented in May, gives users the right to access their data and information about the sources and recipients of the data. Social networks must regain Europeans’ consent every time they want to use their data in new ways, including for targeted advertising.
Noyb said it filed its complaints with the Austrian authority on behalf of 10 users. The GDPR foresees fines of up to 4% of global revenues for companies that break the rules and the theoretical maximum penalty across the 10 complaints could be €18.8bn.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” Schrems said. “This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”
Schrems is a veteran privacy campaigner who took his first legal action against Facebook as a student in 2011. Now a lawyer, he filed complaints last year against Google, Facebook, Instagram and WhatsApp, arguing they were acting illegally by forcing users to accept intrusive terms of service or lose access.