Approved last year in Europe, the General Data Protection Regulation (GDPR) now requires technology companies to be clearer about how they deal with data and what information they retain from users. Many companies started sending e-mails warning of the policy change already seeking to fit the new regulation. However, an Austrian organization believes that Apple, Amazon and six other companies may not have adapted to the new rules.
According to the lawsuit, NOYB reported that it requested data and such companies failed to send everything the GDPR requires. Currently, the regulations have some basic items.
The first is that the company has to justify the use of the collected data of the users of a precise and specific form. Second, personal data is considered special, so it must be encrypted. Third: the user has to have the right to copy all the data that the company has on it. Finally, the user can also require that all data be erased from the company’s servers.
Last year, Apple, for example, filed an application asking users to request their information for the company. With this, people received, after a few days, a file with everything that Apple keeps from them (which was discovered to be little).
data from 10 different users, with their authorization,
However, NOYB said it requested Apple, Amazon, Netflix, Spotify, YouTube, DAZN, Flimit and SoundCloud data from 10 different users, with their authorization, but “none of them fully complied with” the GDPR.
The NGO is headed by data privacy activist Max Schrems, who explained the issue to Reuters. “Many of the services are programmed with automated systems to respond to these requests, but they usually do not even come close to providing the data each user is entitled to. This leads to a structural breach of user rights, so these systems are built to retain relevant user information. ”
The NGO presented a table that shows the main points analyzed, giving a grade between correct, partially correct or missing. The points are: response to the request, completeness of the requested data, ability to understand the data and background information of the platform. This last point is related to the user’s right to know the sources, reasons why the company has that information and the like.
The table informs that DAZN and SoundCloud simply ignored the request, which put both companies at fault on all issues.
Amazon, Apple, Spotify and YouTube had similar results. There was an immediate response, all four of which offer a page where you can instantly download the data. However, they were partially correct in the amount of data and comprehension capacity. Yet, none of the four provided background information that retains.
Netflix took 27 to 30 days to file a report. However, the data was understandable, but the background information was considered partially complete. Also, the company also did not provide all the required information.
Lastly, the company that performed best on the application was Flimit. It had correct performance in response (around 30 days), data requests and readability. However, the NGO considered the information behind the scenes of the company to be flawed.
With this, it is possible that such companies may undergo a process of investigation. If the European Parliament considers that the companies did not in fact guarantee access to such information, companies could be fined up to 4% of their overall revenues.
In the cases of Apple, Amazon and YouTube, this means a loss in the billions of euros.
So far, this is just a complaint that may or may not be upheld by the GDPR bodies.