After the data breach a few months ago and the ongoing court cases, Facebook continues to be in the eye of the storm once again for its data protection policies: just a few hours after the GDPR came into force, Facebook and Google risk fines amounting to billions of euros. The complaint comes from the non-governmental privacy organisation Noyb.eu, in particular from its activist Max Schrems. Schrems claims that the two web giants acted unethically towards their users, forcing them to accept the new policies. The accusation relates precisely to the concept of coercion: the new personal data processing form would in fact put users at a crossroads, between using the services offered by adapting and accepting the full collection of data, or not being able to use them at all (in the case of Facebook, refusal to adhere to the contract would entail deletion of the profile and having to say goodbye to photos and friends, and in the case of Google, the loss of the associated functionalities). Abandoning Facebook and Google is therefore not so easy, also because many people and companies use the services provided by the two giants for work, and suddenly ceasing to use them would create quite a few problems. In addition, one must also consider the ‘other side of the coin’, i.e. the small sites that risk being ‘sacrificed’: users may opt not to accept the new regulations by simply stopping using smaller sites. This results in a clear penalisation, which is not the case, according to Schrems, with large companies and corporations.
Noyb.eu therefore asked the authorities in France, Belgium, Germany and Austria to fine the two companies according to the rules of the GDPR, i.e. 4% of their annual turnover, which in this case would be an insane amount (a few billion euros for both companies). Both have obviously contested the accusations, responding in more or less the same way: ‘We have implemented security and privacy in our products from the earliest embryonic stages and we are committed to being GDPR EU-compliant’, is the statement issued by a Google spokesperson. Very similarly, Erin Egan, chief privacy officer at Facebook commented: ‘Over the past 18 months, we have taken steps to update our products, policies and processes to provide users with meaningful data transparency and control over all the services we provide in the EU’.
Marco Serico