GDPR is here

Google and Facebook accused of breaking GDPR laws

Complaints have been filed against Facebook, Google, Instagram and WhatsApp within hours of the new GDPR data protection law taking effect.

The companies are accused of forcing users to consent to targeted advertising to use the services.

Privacy group noyb.eu led by activist Max Schrems said people were not being given a "free choice".

If the complaints are upheld, the websites may be forced to change how they operate, and they could be fined.

What's the issue?

The General Data Protection Regulation (GDPR) is a new EU law that changes how personal data can be collected and used. Even companies based outside the EU must follow the new rules if offering their services in the EU.

In its four complaints, noyb.eu argues that the named companies are in breach of GDPR because they have adopted a "take it or leave it approach".

The activist group says customers must agree to having their data collected, shared and used for targeted advertising, or delete their accounts.

This, the organisation suggests, falls foul of the new rules because forcing people to accept wide-ranging data collection in exchange for using a service is prohibited under GDPR.

"The GDPR explicitly allows any data processing that is strictly necessary for the service - but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent," said noyb.eu in a statement.

"GDPR is very pragmatic on this point: whatever is really necessary for an app is legal without consent, the rest needs a free 'yes' or 'no' option."

Privacy advocate Max Schrems said: "Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases."

The complaints were filed by four EU citizens with local regulators in Austria, Belgium, France and Germany.

US news sites unavailable to EU users over data protection rules

A number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect.

The Chicago Tribune and LA Times were among those posting messages saying they were currently unavailable in most European countries.

The General Data Protection Regulation (GDPR) gives EU citizens more rights over how their information is used.

The measure is an effort by EU lawmakers to limit tech firms' powers.

Under the rules, companies working in the EU - or any association or club in the bloc - must get express consent to collect personal information, or face hefty fines.

What is GDPR?

Lawmakers in Brussels passed the new legislation in April 2016, and the full text of the regulation has been published online.

Misusing or carelessly handling personal information will bring fines of up to 20 millions euros ($23.4m;£17.5m), or 4% of a company's global turnover.

In the UK, which is due to leave the EU in 2019, a new Data Protection Act will incorporate the provisions of the GDPR, with some minor changes.

All EU citizens now have the right to see what information companies have about them, and to have that information deleted.

Companies must be more active in gaining consent to collect and use data too, in theory spelling an end to simple "I agree with terms and conditions" tick boxes.

Companies must also tell all affected users about any data breach, and tell the overseeing authority within 72 hours.

Each EU member state must set up a supervisory authority, and these authorities will work together across borders to ensure companies comply.

Lagamorph wrote:And the amount of emails from places that will never be able to contact me again because I don't reply is glorious.

Preezy wrote:Our Data Protection Officer at my work has gone waaaay too far and is now insisting that ANY email communications (internal as well as external) that contain ANY personal data in have to be password protected. All of our emails have our full names in our signatures, so I guess that means I have to password protect every single email I send

Such a joke, so overkill and it's pissing everyone in the business off. I'm predicting a massive climbdown and everything returning to normal before too long.

Green Gecko wrote:...so we don't require consent. In case anyone wonders, I am the data officer. So there you go.

Green Gecko wrote:Well. To be fair the legislation was introduced 2 years ago. I'm admiring of the organisations that have prepared for it months in advance and are already complaint.

It's a good piece of legalisation.