Some of the biggest internet companies are not on board with Europe’s new rules to protect personal data.
The General Data Protection Regulation, which regulates processing of personal data, applies to companies like Facebook, Google, and Amazon. According to reports, however, the tech giants have not complied with GDPR standards.
Regulators are questioning why. But when Facebook alone has five times more users than the population of the entire EU, is there really a question?
BEUC, which represents consumer organizations in 32 European countries, says that 14 of the largest internet companies use unclear language for users to understand how the companies use their data. The group analyzed the companies’ privacy policies and flagged lines that were vague or overreaching when getting users to consent.
“A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law,” said Director General Monique Goyens. “This is very concerning.”
For example, Amazon warns users that its privacy notice “will change.” That is a “problematic permission,” the BEUC says, because it allows the company to change privacy policies without user consent.
Google and Facebook have problems, too. According to the report, the companies also collect personal information without specifying how they use it.
Agree or Delete
Max Schrems, chair of the European consumer rights group Noyb, says Facebook, Instagram, WhatsApp and Google’s Android, force users into agreeing to new terms of service. That violates the GDPR.
“Facebook has even blocked accounts of users who have not given consent,” he told the Guardian. “In the end users only had the choice to delete the account or hit the agree button.”