Facebook & Google sued to the tune of £6.7bn for violating GDPR

Facebook & Google sued to the tune of £6.7bn for violating GDPR

Legislation/GDPR / Facebook & Google sued to the tune of £6.7bn for violating GDPR

Facebook & Google sued to the tune of £6.7bn for violating GDPR

It has barely been a week since GDPR came into force in Europe, but lawsuits filed against the likes of Facebook and Google, totalling roughly £6.7 billion, has given us an indication of how the privacy legislation will keep social media giants and mass collectors of customer data on their toes.

Max Schrems, an Austrian privacy campaigner, has filed three lawsuits against both Facebook and Google, claiming that both internet giants are "deliberately" taking an "all or nothing" approach to privacy and that they are basically forcing their users into accepting their privacy policies.

"All or none" approach to privacy

For instance, he claims that Facebook is giving its users in Europe two options: Either to accept its privacy policies in full or to deactivate their accounts. At the same time, Facebook is also obtaining consent to display ads and to market products and services by stating that such consent is “necessary to fulfill our Facebook Terms of Service or Instagram Terms of Use”.

"If this is what the controller has attempted, then this is nothing more than an aggressive and absurd attempt to deprive data subjects of their rights under Article 6(1)(a), 7 and 9(2)(a) of the GDPR, by wrapping this consent into civil-law arrangement. Any such “agreement” must be interpreted as what it really is: a consent provision camouflaged as a “contractual obligation” by the controller and moved into the civil-law terms," he said in the lawsuit filed against Facebook.

Schrems further alleges that Facebook is placing numerous pop-up windows and reminders on its webpage and apps, making it clear that consenting to the privacy policy and terms is the only way a user can maintain access to his account and therefore be able to use the said services. Users are also presented with "I AGREE" as the sole real option on the Facebook app and are therefore unable to opt out. The alternative offered by Facebook is deletion of the user's Facebook account.

"The controller used additional “tricks” to pressure the users: For example, the consent page included two fake red dots (violation against Article 5(1)(a) – neither “fair”, nor “transparent”), that indicated that the user has new messages and notifications, which he/she cannot access without consenting – even if the user did not have such notifications or messages in reality," he added.

Huge fines under GDPR

Because of the said violations, Schrems stated in the suit that since Facebook earned a revenue of £30.23 billion, it must pay the maximum fine of £1.14 billion which is roughly 4 percent of the company's worldwide revenue.

As far as Google is concerned, Schrems alleged that the company, like Facebook, is also taking the "all or none" approach to privacy. Those buying new smartphones running Android operating systems are being asked to consent to all privacy policies or simply carry “a 1,000-euro brick” that just won't work.

Commenting on the twin lawsuits on Facebook and Google, Adrian Bisaz, VP EMEA at CyberProof said that thanks to GDPR, companies can become the target of millions of customers that want to make sure their new rights for privacy are met, and Facebook and Google as the most well-known tech giants are inevitably going to be in the crossfires when the lawsuits start rolling in, particularly in the wake of the Cambridge Analytica scandal.

"The interpretation of the new rules and the way companies (and indeed legislators) will react to these new demands might still take time to sort out. What is not in any doubt is that companies need to take these new regulations serious and make sure they comply to the regulations, otherwise it is not just fines that will become an issue but also companies reputation and consumers satisfactions," he added.


Facebook could end up paying £12,500 to each UK Facebook user as compensation

UK businesses to receive unprecedented data requests following GDPR rollout

The following two tabs change content below.

Jay Jay

Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines


Get the latest cyber news in your inbox

Join our community of cyber professionals today!