- Kellyanne Conway brushes off recession fears, calls it ‘Sesame Street word of the day’ 7 Months Ago
- Conservatives are livid the New York Times is writing articles about slavery 7 Months Ago
- Iceland holds funeral for first glacier to melt 7 Months Ago
- Nonprofit fanfiction database Archive of Our Own wins a Hugo Today 9:59 AM
- Dan Carlin’s ‘War Remains’ is a stunning VR pop-up Today 9:27 AM
- Your wireless data is probably being throttled, study finds Today 9:25 AM
- Mike Judge’s dystopian comedy ‘Idiocracy’ is now streaming on Netflix Today 8:00 AM
- The 2020 Democratic presidential candidates as La Croix flavors Today 7:00 AM
- Crowdsourcing mental healthcare with 7 Cups Today 7:00 AM
- How to unlock hidden filters and effects for Instagram Stories Today 6:00 AM
- In season 2, ‘Succession’ has quietly become one of the best shows on TV Sunday 9:10 PM
- Alexa Demie shares the beauty inspiration behind ‘Euphoria’s’ Maddy Sunday 5:47 PM
- Fans just discovered Lizzo’s old YouTube channel–and it’s full of gems Sunday 4:22 PM
- The ‘Final Destination’ movies are now streaming on Hulu Sunday 2:44 PM
- Marvel asked ‘Maus’ author to remove Trump reference from essay–he refused Sunday 2:02 PM
A privacy organization in Austria has filed complaints against eight major tech companies for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
Companies are required under the GDPR’s “right to access” rule to not only provide users with a copy of all data held about them, but an explanation on how it is used. Max Schrems, director of noyb, says all eight companies failed to fully comply when such requests were made.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” Schrems said in a press release. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with.”
While some tech firms partially complied, two of the companies, UK sports streaming service DAZN and Germany’s music streaming service SoundCloud, failed to even respond.
“The right of access is a cornerstone of the data protection framework,” noyb writes. “Only when users can get an idea of how and why their data is stored or shared they can realistically uncover violations of GDPR and consequently take action.”
Schrems says the complaints were filed with the Austrian Data Protection Authority on Friday and that penalties against the companies could reach up to 4 percent of their global revenues.
“As GDPR foresees € 20 million or 4% of the worldwide turnover as a penalty, the theoretical maximum penalty across the 10 complaints could be € 18.8 billion,” noyb notes.
Spotify released a statement in response to noyb Friday, alleging that they are “fully compliant” with GDPR.
“Spotify takes data privacy and our obligations to users extremely seriously,” the company said. “We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant.”
Schrems and noyb filed similar complaints against Facebook and Google last year on the day the GDPR went into effect.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.