Facebook, Google hit with multi-billion dollars lawsuits on first day of GDPR privacy and consent rules

On day one of the new GDPR privacy and consent rules in the European Union, Google (and its Android operating system) and Facebook (including WhatsApp and Instagram) were served with lawsuits that allege the companies “coerce users” into sharing personal data in violation of the law.

The lawsuits are asking for more than $8 billion (U.S. dollars) in fines from each company.

Max Schrems is an Austrian lawyer and known as a privacy activist that’s taken Facebook to court before over privacy issues. He’s the guy behind the lawsuits and head of a lobbying group with a great name: nyob. It’s stands for None of Your Business. The Irish Times reports that Schrems is accusing Facebook of “blackmail” for providing only two options: Either hand over data that is more than needed to operate the service, or delete your account.

The “more than needed” is a key point in the lawsuit. According to GDPR, companies can only collect information needed for specific purposes and must delete information when the purpose is complete. Facebook collects data which it uses to create targeted advertising, which they say is a core component of the service. Schrems disagrees.

“It’s simple: Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no’. In the end users only had the choice to delete the account or hit the “agree”-button — that’s not a free choice, it more reminds of a North Korean election process.” – Max Schrems in a statement, as reported in TechCrunch.

The lawsuits also claims “forced consent” especially when it comes to operating a phone with the Android operating system. Users, it claims, are forced to turn over personal data in order to use the phone they purchased.

“Already lawsuits worth billions of euros have been filed in Austria, Belgium and Hamburg against Facebook and its subsidiaries, and we expect this trend to continue,” said Jason Remillard, CEO and founder of Data443 Risk Mitigation, Inc. in a news release. “As the regulation plays out and the longer companies wait to respond, the risk will grow.