Facebook and Google got hit hard on the first day of the General Data Protection Regulation (GDPR) enforcement and the lawsuits kept piling up – the companies are accused of coercing their users into sharing their personal data.
GDPR requires clear consent for any personal data collected from users and it has pushed companies all across the internet to revise their privacy policies. So far, Google and Facebook have put out new policies that are GDPR compliant, but Max Schrems, a critic of the companies’ data collection practices and privacy activist who filed the lawsuits, complains that their policies have not gone far enough.
He singles out a practice where companies obtain user consent by asking users to check a box so they can access services. It is a widespread practice but the argument is that this forces users into the choice, which also happens to be a violation of the GDPR’s contingency about particularized consent.
Both companies have disputed the charges, arguing that they have prepared for months to ensure the GDPR requirements have been met. If they lose their cases, the penalty will not be harsh; so far, the lawsuits have added up to 3.9 billion euros for Facebook and 3.7 billion euro for Google (that’s a staggering combined total of $8.8 billion).
The lawsuits are set to last for a while so in the meantime, so we likely won’t hear any news (or see payouts) in the near future.