Fresh law requires access to data collected. But almost no one will hand them over.
The Privacy Regulation (GDPR), which threads into force last year, will strengthen and harmonize the privacy of the EU.
Fresh law requires access to data collected. But almost no one will hand them over.
The Privacy Regulation (GDPR), which threads into force last year, will strengthen and harmonize the privacy of the EU.
An Austrian privacy activist who has filed complaints on behalf of ten people now believes that several large companies have violated this law.
Did not pass the test
The law states that consumers have the right to demand access to which data companies have collected about them. Activist Max Schrems, who calls himself Noyb (None Of Your Business), wanted to test this, so he requested data from, among others, YouTube, Netflix, Spotify, Apple, and Amazon.
According to noyb, the companies did not pass the test. Several of the companies provided some data, but far from what the law requires.
For example, none of the companies could provide relevant background information to help consumers find out how their data is being used. However, the GDPR law states that consumers should get this information.
Maybe sky-high fines
The consequences can be serious for the companies that do not comply with the law. GDPR estimates they can penalize companies with up to four percent of their global revenues if breaches of the rules are detected.
- Many services set up automated systems that respond to access requirements. But they are often not close to providing the data that users have the right to see, Schrems says in a statement, adding:
- This leads to a violation of user rights, as these systems are built to withhold information.
Noyb has filed complaints on behalf of ten people. The companies are now expected to respond to the charges.