Max Schrems, a European privacy activist - best known for bringing down “Safe Harbour” – has filed complaints against four of the biggest US tech giants under the new EU General Data Protection Regulation (GDPR). According to Max Schrem’s non-profit organisation, None of Your Business, the complaints were filed on Friday 25 May, coincidentally (some might argue too coincidentally), the very first day of GDPR’s entry into force; and are said to be worth a combined total of over EUR 7 billion, in maximum imposable penalties.
The legal complaints, issued on behalf of affected individuals, relate to the alleged use of “forced consent” – on the basis that this form of consent contravenes not only the strict requirements for consent under the GDPR but also the very essence of the GDPR, namely putting individuals back in control of their data. Although the move by Schrems comes as no surprise, some are questioning the true motive of his latest attack; with the suggestion that this might be a veiled competitive attack on US tech companies operating within the EU tech space. Such a suggestion would in fact, reflect the views of some that the EU is waging war against the so-called “US tech giants” and is particularly interesting, when considered alongside the fact that Schrems is now empowered by the threat of larger fines and the deep societal mistrust relating to data use in the wake of the Cambridge Analytica scandal.
While the impact of Schrem’s latest legal challenge is yet to be determined, it does serve as a warning sign to us all: the GDPR is here and people are not afraid to use it.