- R. Kelly charged in Chicago with multiple counts of sex abuse Friday 7:51 PM
- Elon Musk finally hosts PewDiePie’s meme review Friday 6:27 PM
- Netflix throws ‘Umbrella Academy’-themed wedding for fans Friday 4:54 PM
- Report: Facebook collects app data on users’ body weight, menstrual cycles Friday 3:38 PM
- Amy Klobuchar reportedly ate salad with a comb, and Twitter’s got questions Friday 2:47 PM
- Nobody likes Spotify’s new update Friday 2:34 PM
- Student assaulted on campus while tabling for right-wing group Friday 1:56 PM
- Kim Kardashian West sues fashion company for using her likeness to sell clothes Friday 1:12 PM
- The Oscar-nominated movies you’ll actually want to watch again Friday 12:56 PM
- Viral graphic shows the moment Apple became the top brand Friday 12:27 PM
- Jake Paul calls out KSI for a YouTube boxing match Friday 11:31 AM
- This elementary school made students play ‘runaway slave’ Friday 11:20 AM
- ‘Captain Marvel’ is already a box office hit Friday 11:06 AM
- This ‘buff bunny vs. small bunny’ meme is here for when you’re feeling inferior Friday 10:53 AM
- Ocasio-Cortez slams trolls who come at her with ‘weak’ memes Friday 10:52 AM
Privacy group files complaints against Netlifx, Spotify for GDPR violations
Eight major companies accused by advocacy group of violating the EU’s privacy rules
A privacy organization in Austria has filed complaints against eight major tech companies for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
Companies are required under the GDPR’s “right to access” rule to not only provide users with a copy of all data held about them, but an explanation on how it is used. Max Schrems, director of noyb, says all eight companies failed to fully comply when such requests were made.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” Schrems said in a press release. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with.”
While some tech firms partially complied, two of the companies, UK sports streaming service DAZN and Germany’s music streaming service SoundCloud, failed to even respond.
“The right of access is a cornerstone of the data protection framework,” noyb writes. “Only when users can get an idea of how and why their data is stored or shared they can realistically uncover violations of GDPR and consequently take action.”
Schrems says the complaints were filed with the Austrian Data Protection Authority on Friday and that penalties against the companies could reach up to 4 percent of their global revenues.
“As GDPR foresees € 20 million or 4% of the worldwide turnover as a penalty, the theoretical maximum penalty across the 10 complaints could be € 18.8 billion,” noyb notes.
Spotify released a statement in response to noyb Friday, alleging that they are “fully compliant” with GDPR.
“Spotify takes data privacy and our obligations to users extremely seriously,” the company said. “We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant.”
Schrems and noyb filed similar complaints against Facebook and Google last year on the day the GDPR went into effect.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.