The GDPR is only in its first week of business and already Facebook and Google have been slapped with a flurry of lawsuits accusing them of coercing users into accepting their data collection policies. The actions have been undertaken by Max Schrems, the Austrian privacy campaigner who previously filed a complaint against Facebook with the Data Protection Commissioner (the “DPC”) in 2013 which ultimately led to the Safe Harbour agreement (the mechanism used by thousands of companies to transfer data to the US) being declared invalid by the European courts.
Mr Schrems is accusing Facebook of blackmail for only affording users two options; accept the rules regarding its use of data or to deactivate their account. Mr Schrems and his non-profit organisation “None Of Your Business” filed four complaints under the GDPR; against Facebook, Instagram and WhatsApp, and another against Google’s Android via data regulators in Austria, Belgium and Hamburg. Under GDPR complaints no longer have to be filed in the European country where a company has its headquarters.
Along with considering the viability of the tech model of giving free online services in return for user data under the GDPR, these complaints will illustrate the complex application of the GDPR with regard to the co-operation and liaising between European supervisory authorities to manage complaints.