There has been a huge hue and cry about GDPR as companies scramble to get their data and privacy laws in order. You would’ve known from the 10,000 emails you have received to opt-in to continue receiving newsletters and such.
[Tweet “The EU’s GDPR went into effect on May 25 and on the same day complaints have been alleged violations have been filed against Facebook and Google.”]
The complaint accuses the two companies of flouting GDPR because they appear to force consumers to agree to their terms of service.
Facebook has been guiding European consumers through a series of policy updates about the type of data it collects in user profiles, how it can use data collected from outside websites, and its facial recognition services. While Facebook lets users decline enrolling in certain features like face recognition, it forces them to accept the overall terms of service in order to proceed to the social network.
READ: GDPR’s implications on the Middle East
Google offers a similarly mandatory notice on Android phones, where users who don’t accept the terms of service are not able to use the devices.
On May 25, those “forced consent” tactics were the first to come under scrutiny by European privacy advocates. They filed complaints in four countries against Google, Facebook, Instagram and WhatsApp. “Facebook has even blocked accounts of users who have not given consent,” says Max Schrems, a privacy activist with NOYB, also known as None Of Your Business, in a statement. “In the end users only had the choice to delete the account or hit the ‘agree’ button. That’s not a free choice, it more reminds of a North Korean election process.”
The idea of “forced consent” was expected to be a focus of privacy advocates. Their argument is that the Internet companies should offer their services without making consumers “accept” data collection for targeted advertising.
DOWNLOAD: Exclusive Ramadan Insights on how your brand can succeed in Ramadan
However, GDPR does allow companies to collect and use data if it is essential to the operation of their businesses, and that will likely be the argument Internet companies will make.
“We have prepared for the past 18 months to ensure we meet the requirements of the GDPR,” Erin Egan, Facebook’s chief privacy officer, says in a statement. “We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people’s privacy doesn’t stop on May 25.”
Facebook declined further comment on the specifics of the complaint. Google was not immediately available for comment.
READ: What’s missing in your FMCG Ramadan strategy?
Privacy advocates also took issue with how Facebook has been notifying European consumers of their data options, characterizing its procedures as manipulative and designed to pressure people into consenting.
They claim Facebook would tempt consumers to accept its terms and conditions by planting misleading notification messages – the little red bubbles in the icons at the top of the Facebook home screen that pop up when someone has a direct message.
