Shop Catalog (CC-BY)
General Data Protection Regulation, or GDPR, has only been in effect for only one day, and it’s already causing chaos. Some tech companies are getting targeted with GDPR complaints via lawsuits, while other sites—unable to comply in time—have simply banned access to European web visitors.
GDPR is a framework for protecting citizens’ data in the digital age. One of its core policies is that companies must get explicit consent from users before they can collect their data. Privacy and security policies must also be worded in clear, easy-to-understand language. Tech firms have been working to shore up their apps and sites for the launch of GDPR for months, but some privacy supporters don’t think these companies have done enough.
Perhaps most notably, Facebook and Google have been hit with more than $8.8 billion in lawsuits in one day, the Verge reports. Austrian privacy advocate Max Schrems filed the two suits, seeking 3.9 billion euros from Facebook (targeting Instagram and WhatsApp within that sum, as well) and 3.7 billion euros from Google over its Android operating system.
Schrems says that these companies’ new policies don’t go far enough in adhering to the tenets of GDPR. Specifically, by asking users to simply mark a checkbox for compliance, “it forces users into an all-or-nothing choice, a violation of the GDPR’s provisions around particularized consent,” the Verge explains.
Both Google and Facebook have issued statements reasserting their commitment to the new data and privacy laws. “We build privacy and security into our products from the very earliest stages and are committed to complying with the EU GDPR,” Google said in its statement.
Facebook said, “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.”
Other companies clearly waited until the last minute to begin considering the effects of GDPR on their business. Some U.S. websites—namely news sites—have simply blocked European web users from accessing their stories. The Chicago Tribune, New York Daily News, Los Angeles Times, and other publications were unavailable to many in Europe.
Visitors to these sites saw the following message: “Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.”
Companies found to be in violation of GDPR can face fines up to 20 million euro ($23.4 million).
H/T the Verge