GDPR has forced many companies to change data handling processes. However some are choosing questionable paths to keep collecting data from users. The the Norwegian Consumer Council (NCC) – which recently accused Nintendo of illegally denying EU customers refunds, claims that Facebook, Google and Microsoft are influencing user behavior, pushing them away from privacy-friendly options in an “unethical” way.
Breaching GDPR rules
The report mentions intrusive default settings and unclear wording, which gives users an illusion of control, and hides privacy-friendly choices. Another factor mentioned is the take-it-or-leave-it approach which forces the users to choose between not using the service or accept the conditions.
This also includes current users of the service, who see loss of functionality or deletion of the account if they don’t accept the privacy terms.
One example mentioned is the Facebook facial recognition feature. If a user opts to disable the feature, Facebook warns that users “won’t be able to use this technology if a stranger uses your photo to impersonate you”.
The report describes Google’s privacy dashboard as convoluted, “discouraging users from changing or taking control of the settings or delete bulks of data”. Microsoft had a more positive outlook recently integrating the requirement for users to actively opt into data collection.
The three companies had similar responses to the reports describing the long period preparing policies and privacy terms for GDPR.
Major tech companies have been preparing for GDPR for months. However, as implied by this report some are using methods that are not entirely transparent.
Google and Facebook rely heavily on advertising as a revenue source. It is then no surprise to see the two companies trying to test the waters with GDPR.
First lawsuits against Google and Facebook
Google and Facebook are currently facing 6.7 billion pounds in fines, a lawsuit triggered by te Austrian privacy group on the first day GDPR came into force. The group claims the companies are not doing enough to be compliant with GDPR.
Last week Google was hit with a 4.34 billion euro fine from the EU antitrust regulators. Certainly they will be an easy target if EU regulators decide to scrutinize GDPR measures.
The future will tell whether we will see bigger companies changing the way they conduct business.
vBoxx has been preparing for the GDPR well before the 25th of May. We host all of client data in our own servers and we make sure your data remains secure and private.