It’s been a week since GDPR came into force. Planes haven’t fallen out of the sky. There have been no more droughts, famines, or riots than normal. Life has, shockingly, found a way to continue.
However, not everything has gone smoothly. The very same day GDPR came into force Facebook, Google, Apple, Amazon and LinkedIn were all targeted with multi-billion dollar lawsuits by privacy activists and consumer rights groups for not complying with their reading of consent under the new regulations. Twitter meanwhile, is blocking any user it thinks was under 13 years old when they signed up to the service (no matter what age they are now) in an effort to be compliant.
The Verge, citing the lawsuits, reported they are seeking to hit Facebook and Google with fines that collectively amount to around $8.8 billion. The lawsuits were filed by Max Schrems, an Austrian activist who has long criticized how the companies collect data on their users.
Under the new regulation, companies have to provide clear consent and justify why they are collecting data on their users, as well as clarify what they intend to do with it. They are also required to overhaul their privacy and data collection policies to better protect consumers.
According to the report, the raft of lawsuits is broken down based on the product, with one being lodged against Facebook and two against Instagram and WhatsApp, which Facebook owns. A lawsuit against Google’s Android operating system has also been filed.
Both companies argue that their measures comply with the GDPR requirements. “We build privacy and security into our products from the very earliest stages, and are committed to complying with the EU GDPR,” Google said in a statement to The Verge. Meanwhile, Facebook said: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.”
Salesforce CEO Marc Benioff said this week that the US needs “a national privacy law … that probably looks a lot like GDPR.” His stand is at odds with the likes of IBM, which has been pressing US lawmakers to definitely not adopt the regulations.
The state of California, meanwhile, is mulling its own privacy legislation. The California Consumer Privacy Act of 2018 hasn’t yet been certified for the November election, but would provide consumers with GDPR-like consent option and enable consumers to sue in light of any data breaches.
In Vermont, a new law was passed this week which requires data brokers to register with the state, take standard security measures and notify authorities of security breaches. It also gives consumers the right to take legal action if their data is used for discrimination purposes.
