A new European Union law regulating internet privacy has already led to numerous lawsuits against Google and Facebook.
The suits were filed by Austrian Internet privacy advocate Max Schrems, who argues the internet companies live up to the intent of the GDPR law that went into effect earlier this month. According to Vox:
GDPR requires clear consent and justification for any personal data collected from users, and these guidelines have pushed companies across the internet to revise their privacy policies and collection practices. But there is still widespread uncertainty over how European regulators will treat the requirements, and many companies are still unpreparedfor enforcement.
Both Google and Facebook have rolled out new policies and products to comply with GDPR, but Schrems’ complaints argue those policies don’t go far enough. In particular, the complaint singles out the way companies obtain consent for the privacy policies, asking users to check a box in order to access services. It’s a widespread practice for online services, but the complaints argue that it forces users into an all-or-nothing choice, a violation of the GDPR’s provisions around particularized consent.
The suits come as companies have scrambled to put in place policies to comply with the internet privacy law. Some American newspapers, including the Tronc-owned Chicago Tribune and Los Angeles Times, chose to go dark in Europe, TechCrunch reports:
While Tronc deemed its European readership disposable, at least in the short-term, most major national U.S. outlets took a different approach, serving a cleaned-up version of their website or asking users for opt-in consent to use their data. NPR even pointed delighted users toward a plaintext version of their site.