The introduction of a new law often leads to high drama and action during the initial days. The General Data Protection Regulation (GDPR) that came into effect on May 25 has started to show its might.
Max Schrems, a prominent Australian privacy campaigner, has filed four different lawsuits against Facebook Inc. (FB) and Alphabet Inc.’s (GOOGL) Google, totaling £6.7 billion (around $8.8 billion), according to The Inquirer. The cases have been filed in four different countries across Europe as the GDPR no longer requires them to be filed in the country where the company is headquartered.
The lawsuit against Google is worth 3.7 billion euros and is over its Android operating system. The other three cases involve Facebook and its subsidiaries, which are collectively worth 3.9 billion euros. They include one case against Facebook, another one against its WhatsApp messenger and a third one against Instagram.
Schrems is the founder of NOYB—None of Your Business—a non-governmental privacy organization also known as the European Center for Digital Rights. He is best known for a legal challenge to Facebook that led to the scrapping of the Safe Harbour Agreement (SHA). SHA allowed for transfer of user’s data from EU nations to the U.S. Schrems got it nullified as the European Court of Justice ruled in his favor citing that SHA offered no guarantee of Europeans’ fundamental right to privacy in America.
Schrems alleges that both technology giants, who have gathered troves of user data, are using an "all or nothing" approach to user’s privacy by forcing them to give their consent. GDPR prohibits such “forced bundling” of consent seeking and instead advocates for a segregated, informed and specific approach to take user consent for each feature to be used by them.
The provision of fines up to 4% of global revenue for violating GDPR rules could have left Facebook and Google poorer by $1.6 billion and $4.4 billion, respectively, based on last year’s financial figures of the two tech companies. (See also: All You Need to Know About GDPR, the New Data Law.)
Schrems told Financial Times that the fines were “mind-blowing” but he was “astonished” at what he said was companies not even trying to comply with the law. “They totally know that it’s going to be a violation, they don’t even try to hide it.”
For their parts, both Facebook and Google mentioned their commitment to adhere to the necessary compliance.
Other services that took a hit on the first day of GDPR coming into effect. Multiple U.S.-based news websites become inaccessible from Europe, including the Los Angeles Times, Chicago Tribune and Baltimore Sun, which all belong to Tronc Inc. (TRNC). A few U.S.-based apps were also withdrawn from the European market.
Privacy International, another prominent user-protection campaign group, is also set to take on the high and mighty of the technology world. Its legal officer, Ailidh Callander, told the Financial Times that it will write to four data brokers and advertising technology companies asking why they gather certain information and share it with third parties.