- Alexandria Ocasio-Cortez supports resolution that could lead to Trump’s impeachment Thursday 9:46 PM
- Ricardo Milos dancing memes are the new Rickroll Thursday 9:09 PM
- Laura Loomer sues Twitter, Muslim lobbying group over account ban Thursday 8:15 PM
- Far-right troll Ian Miles Cheong gets flamed for mocking a ‘Star Wars’ fan Thursday 6:17 PM
- Facebook says ‘millions,’ not ‘tens of thousands,’ affected by Instagram password bug Thursday 5:13 PM
- Leading 2020 Democrats mock redactions in Mueller report Thursday 4:04 PM
- 8 weed accessories for stealthy stoners Thursday 4:00 PM
- Super Smash Bros. Ultimate players are now fighting on giant d*cks Thursday 3:37 PM
- Why are Facebook and Google translating this Spanish word into a racial slur? Thursday 3:32 PM
- Instagram page encourages meme creators to join a meme union Thursday 3:24 PM
- 28 smokin’ hot gifts for your stoner friend Thursday 1:33 PM
- The 5 most important conclusions from Robert Mueller’s report Thursday 1:28 PM
- Facebook bans many of the U.K.’s infamous far-right groups Thursday 1:15 PM
- Cersei and Tyrion Lannister learned about respect from Elmo Thursday 12:57 PM
- The Mueller Report includes a footnote about the pee tape Thursday 12:08 PM
Privacy group files complaints against Netlifx, Spotify for GDPR violations
Eight major companies accused by advocacy group of violating the EU’s privacy rules
A privacy organization in Austria has filed complaints against eight major tech companies for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
Companies are required under the GDPR’s “right to access” rule to not only provide users with a copy of all data held about them, but an explanation on how it is used. Max Schrems, director of noyb, says all eight companies failed to fully comply when such requests were made.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” Schrems said in a press release. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with.”
While some tech firms partially complied, two of the companies, UK sports streaming service DAZN and Germany’s music streaming service SoundCloud, failed to even respond.
“The right of access is a cornerstone of the data protection framework,” noyb writes. “Only when users can get an idea of how and why their data is stored or shared they can realistically uncover violations of GDPR and consequently take action.”
Schrems says the complaints were filed with the Austrian Data Protection Authority on Friday and that penalties against the companies could reach up to 4 percent of their global revenues.
“As GDPR foresees € 20 million or 4% of the worldwide turnover as a penalty, the theoretical maximum penalty across the 10 complaints could be € 18.8 billion,” noyb notes.
Spotify released a statement in response to noyb Friday, alleging that they are “fully compliant” with GDPR.
“Spotify takes data privacy and our obligations to users extremely seriously,” the company said. “We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant.”
Schrems and noyb filed similar complaints against Facebook and Google last year on the day the GDPR went into effect.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.