Europe’s data protection law went into effect on Friday and technology giants Facebook and Google are already facing multi-billion dollar lawsuits for failing to comply with the General Data Protection Regulation. The 3.9 billion euro suit against Facebook and 3.7 billion euro suit against Google were filed by pro-privacy advocate Max Schrems, an Austrian lawyer, on behalf of unnamed individuals affected by products such as Facebook, WhatsApp, Instagram, and Google’s Android operating system. The total lawsuit amounts to nearly $9 billion.
As a long-time critic of Facebook, Schrems argued that the company is violating a provision of GDPR by forcing users to consent to share their personal data, and that the company has gone as far as blocking accounts of users who have not given consent. “In the end users only had the choice to delete the account or hit the “agree”-button — that’s not a free choice, it more reminds of a North Korean election process,” he said in a statement published on TechCrunch.
Speaking at the Paris VivaTech conference on Tuesday, Facebook CEO Mark Zuckerberg defended the company’s ad practices, arguing that “the vast majority of people choose to opt in to make it so that we can use the data from other apps and websites that they’re using to make ads better.” However, he didn’t go as far as offering users a choice on declining advertising, and the only option right now is quitting the network.
A similar lawsuit filed against Google alleged that users are forced to share their personal data to be able to use an Android device. Both Google and Facebook deny the allegations of GDPR violations, stating that they are fully complying with the new laws. “We build privacy and security into our products from the very earliest stages,” Google’s statement to The Verge reads.
“We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information,” Facebook’s Chief Privacy Officer Erin Egan wrote in a statement sent to various media publications, noting that the company had been preparing for GDPR for the past 18 months. “Our work to improve people’s privacy doesn’t stop on May 25th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us information when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward.”
If the allegations prove true, Google and Facebook stand to lose even more money, as regulators can impose fines of up to four percent of global revenue. The tough privacy laws have even forced some companies, like Pinterest-owned InstaPaper, to temporarily shutdown until it can comply. It’s unclear if European regulators will impose strict fines for first-time offences given that GDPR just recently went into effect.
“We probably will not immediately have billions of penalty payments, but the corporations have intentionally violated the GDPR, so we expect a corresponding penalty under GDPR,” Schrems said in a statement.