Amazon, Apple, Others met with GDPR complaints, maximum penalties of EUR 18.8 billion

Noyb, a European non-profit enforcement organization that focuses on data protection issues at the European level, has filed 10 DSDPR complaints against eight online streaming companies for violations of its privacy policy on behalf of ten users it represents Article 15.

"As the DSGVO provides as punishment 20 million euros or 4% of global sales, the theoretical maximum penalty for the 10 complaints could be 18.8 billion euros," says Noyb.

According to Max Schrems, director of Noyb, all of these companies (ie Amazon, Apple, DAZN, Spotify, SoundCloud, YouTube, Flimmit, Netflix) have been tested to see if they have the "Right of Access to Privacy Policy" (GDPR). comply with the provision described in Article 15 of the EU Regulation.

Complaints about "right of access" to violations

The "right of access" grants all EU citizens the right to obtain a copy of all raw data owned by a company about the user, as well as additional information about the sources and recipients of the data and the purpose for which the data is available or information about the countries where the data is stored and how long it has been stored. "

After examining the right of access to compliance for the eight companies, noyb stated that none of the eight streaming companies fully complied with Schrems, saying that they all had "structurally violated" EU data protection laws.

According to the director of Noyb:

Many services set up automated systems to respond to access requests, but they often do not even provide the data every user has a right to access. In most cases, users only received the raw data, but no information about who shared that data. This leads to structural violations of user rights, as these systems serve to retain the relevant information.

Of all the streaming services addressed during the noyb test, DAZN and SoundCloud were the only ones that completely ignored the data requests.

Those who responded either provided incomplete or incomprehensible data, as was the case with the raw data and background information for the user, or were completely absent, since only Netflix and Flimmit were able to provide partial background information to the user in their responses.

Table of all complaints submitted against the eight online streaming services

The GDPR is a privacy and privacy policy that came into effect in the European Union on 25 May 2018 and was used immediately by noyb to bring four lawsuits against Google, Instagram, WhatsApp and Facebook on the day on which the new legislation came into force from "enforced consent".

As Schrems points out in the complaints, the four companies breached Article 7 (4) because they did not provide users with individual consent for data processing.

Several other top-class companies for which GDR complaints were submitted

In November 2018, Google was accused of GDPR complaints by several consumer groups, according to the European Consumer Organization, due to misleading practices in determining the location of users.

Also in November, Acxiom, Oracle, Criteo, Quantcast, Tapad, Equifax and Experian were the subject of a DSGVO complaint filed by the Privacy International User Group, collecting millions of users' data and creating user profiles.

Twitter was also investigated by the Irish Data Protection Commission (DPC) in October 2018 after data protection researcher Michael Veale of University College London filed a complaint in August for refusing to reply to a link tracking request.