Data privacy activist Max Schrems takes aim at ‘forced consent’ in wake of GDPR

[steven36]

(Reuters) — As Europe’s new privacy law took effect on Friday, one activist wasted no time in asserting the additional rights it gives people over the data that companies want to collect about them.

 

 

 

Austrian Max Schrems filed complaints against Google, Facebook, Instagram and WhatsApp, arguing they were acting illegally by forcing users to accept intrusive terms of service or lose access.

 

That take-it-or-leave-it approach, Schrems told Reuters Television, violates people’s right under the General Data Protection Regulation (GDPR) to choose freely whether to allow companies to use their data.

 

“You have to have a ‘yes or no’ option,” Schrems said in an interview recorded in Vienna before he filed the complaints in various European jurisdictions.

 

“A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.”

 

The GDPR overhauls data protection laws in the European Union that predate the rise of the internet and, most importantly, foresees fines of up to 4 percent of global revenues for companies that break the rules.

 

That puts potential sanctions in the ballpark of anti-trust fines levied by Brussels that, in Google’s case, have run into billions of dollars.

 

Andrea Jelinek, who heads both Austria’s Data Protection Authority and a new European Data Protection Board set up under GDPR, appeared to express sympathy with Schrems’ arguments at a news conference in Brussels.

 

Asked about the merits of Schrems’ complaints, Jelinek said: “If there is forced consent, there is no consent.”

Scourge of Facebook

Schrems was a 23-year-old law student when he first took on Facebook and he’s been fighting Mark Zuckerberg’s social network ever since – becoming the poster-boy for data privacy.

 

He won a landmark European court ruling in 2015 that invalidated a ‘safe harbour’ agreement allowing firms to transfer personal data from the EU to the United States, where data protection is less strict.

 

With GDPR in mind, he recently set up a non-profit called None of Your Business noyb.eu (noyb) that plans legal action to blunt the ability of the tech titans to harvest data that they then use to sell targeted advertising.

 

His laptop perched on the table of a traditional Viennese coffee house, Schrems showed how a pop-up message on Facebook seeks consent to use his data – and how he is blocked when he refuses.

 

“The only way is to really accept it, otherwise you cannot use your Facebook any more,” Schrems explained.

 

“As you can see, I have my messages there and I cannot read them unless I agree.”

 

Erin Egan, Facebook’s chief privacy officer, said in a statement that the company has prepared for 18 months to ensure it meets the requirements of GDPR by making its policies clearer and its privacy settings easier to find.

 

Facebook, which has more than 2 billion regular users, has also said that advertising allows it to remain free, and that the whole service, including ads, is meant to be personalized based on user data.

“1,000-euro brick”

Schrems said, however, that Instagram, a photo-sharing network popular with younger users, and encrypted messaging service WhatsApp – both owned by Facebook – also use pop-ups to gain consent and bar users who refuse.

 

The action brought by noyb against Google relates to new smartphones using its Android operating system. Buyers are required to hand over their data or else own “a 1,000-euro brick” that they can’t use, Schrems said.

 

Google did not immediately respond to a request for comment.

 

Noyb is filing the four claims with data protection authorities in France, Belgium, Germany and Austria. Ensuing litigation may play out in Ireland, where both Facebook and Google have their European headquarters.

 

One filing, made against Facebook on behalf of an Austrian woman, asks the country’s data protection authority to investigate and, as appropriate, prohibit data processing operations based on invalid consent.

 

It also asks the regulator to impose “effective, proportionate and dissuasive” fines as foreseen by GDPR, which in Facebook’s case could run to 1.3 billion euros ($1.5 billion).

 

“So far it was cheaper just to ignore privacy rights,” said Schrems. “Now, hopefully, it’s going to be cheaper to follow them because the penalties are so high.”

 

Source

 

[steven36]

Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR

 

 

On the first day of GDPR enforcement, Facebook and Google have been hit with a raft of lawsuits accusing the companies of coercing users into sharing personal data. The lawsuits, which seek to fine Facebook 3.9 billion and Google 3.7 billion euro, were filed by Austrian privacy activist Max Schrems, a longtime critic of the companies’ data collection practices.

 

GDPR requires clear consent and justification for any personal data collected from users, guidelines that have pushed companies across the internet to revise their privacy policies and collection practices. But there is still widespread uncertainty over how European regulators will treat the requirements, and many companies are still unprepared for enforcement.

 

Both Google and Facebook have rolled out new policies and products to comply with GDPR, but Schrems’ complaints argue those policies don’t go far enough. In particular, the complaint singles out the way companies obtain consent for the privacy policies, asking users to check a box in order to access services. It’s a widespread practice for online services, but the complaints argue that it forces users into an all-or-nothing choice, a violation of the GDPR’s provisions around particularized consent.

 

Shrems told the Financial Times that the existing consent systems were clearly non-compliant. “They totally know that it’s going to be a violation,” he said. “They don’t even try to hide it.”

 

The lawsuits are broken up into specific products, with one filed against Facebook and two others against its Instagram and WhatsApp subsidiaries. A fourth suit was filed against Google’s Android operating system.

 

Both companies have disputed the charges, arguing that existing measures were adequate to meet GDPR requirements. “We build privacy and security into our products from the very earliest stages,” Google said in a statement, “and are committed to complying with the EU GDPR.”

 

Facebook offered a similar defense, saying, “we have prepared for the past 18 months to ensure we meet the requirements of the GDPR.”

 

Source

[jabrwky]

Verizon (owns Yahoo!) and others are pulling the same scam.

When I receive a rental contract, I can revise, strike, or write in my own conditions.

  Not so with EULA's or these contemptible take-it-or-leave-it *agreements*.

 

  Is there one single person on this entire forum who's read and *understood* his Auto or Health insurance policy.

 

  Ever read carefully the denial of ALL rights in broadband or phone contracts? They should receive the same treatment.

[straycat19]

22 minutes ago, jabrwky said:

Is there one single person on this entire forum who's read and *understood* his Auto or Health insurance policy.

 

Of course I do.  If you don't understand it then you don't know what you are paying for or what you might have to pay for.  My auto insurance thru Government Employees Insurance has a $250 deductible and they pay for any accident not covered by the other persons insurance, with a maximum personal liablity of $1 million per person.  My health insurance is also thru the government and I have to pay not more than $150 per year for the family in total copays, with a $3000 catastrophic cap, and my annual premium is $0, in other words, it's free.  

[Matrix]

That didn't take long

The European Union's new GDPR privacy laws are going into effect today, and tech companies everywhere are struggling to adapt to the new rules.

The GDPR, for the unaware, is a set of new regulations that aim to give EU consumers more control over how their data is used online. For example, users can now request that a company delete the information it has stored about them or correct it if it's inaccurate.

At any rate, it seems a few companies aren't adapting to the GDPR as quickly as some would like -- Austrian privacy activist Max Schrems has filed numerous legal complaints against Facebook and Google for allegedly violating the GDPR's new rules.

Specifically, Schrems takes issue with how the two tech giants now require users to consent to their adjusted privacy policies before gaining access to their services. Schrems feels this is a violation of the GDPR rules surrounding "particularized" consent.

The complaints Schrems has filed so far are reportedly worth about 7.6 billion euro, or $8.86 billion.

The complaints Schrems has filed so far are reportedly worth about 7.6 billion euro, or $8.86 billion. These complaints were registered with the CNIL, a French data protection authority, according to the Irish Times.

In a statement to the Financial Times, Schrems said the companies in question "totally know" that they're violating GDPR rules, but both companies have denied this is the case.

Indeed, Facebook reportedly says they've "prepared for the past 18 months" to ensure they comply fully with the GDPR's requirements, and Google says they are "committed to complying" with GDPR rules.

Regardless, if Schrems' complaints have merit, they will be forwarded to the appropriate GDPR authorities for further investigation.

source

[DKT27]

@DonyMach1: Topics merged.

[steven36]

I wonder how many times will they get sued before they block the EU serval  USA news sites done blocked the EU   and even one of the Russian Music sites I use has blocked the EU and it was fine before .

 

This is what the Russian site looks like blocked from and EU ip.

And using a  Canada ip  it works just fine.

 

 

[jabrwky]

On 5/26/2018 at 8:27 AM, steven36 said:

This is what the Russian site looks like blocked from and EU ip.

THAT'S PROGRESS!