Right on the heels of last week's deadline for companies to come into compliance with the GDPR, lawsuits were filed against Google, Facebook, Instagram, and WhatsApp, alleging violations of the new law. And unfortunately for Facebook, the company owns both Instagram and WhatsApp.
An Austrian privacy activist filed each of the cases alleging that the "take it or leave it" privacy policies offered by these major tech companies violate the GDPR. Each lawsuit seeks to fine Facebook and Google over $4 million each. The law can impose fines on organizations that violate it of over $20 million or 4 percent of an organization's annual revenue.
What's This GDPR?
The General Data Protection Regulations (GDPR) was passed in 2016 by the E.U. to apply to businesses that do business, or have websites that collect data, in countries in the European Union. Basically, companies need to get explicit permission to share user data and collect information, as well as be transparent about how that data is shared. The E.U. is serious about data privacy apparently, and cases like the ones just filed against Google and Facebook are likely to be test cases to see just how the law will be enforced.
What Info Does Your Company Collect?
If you're counsel for any company that has a website that allows visitors to sign up for newsletters, accounts, or make purchases, and you haven't updated your privacy policies and looked at your data collection, use, and retention policies, it's high time to do so.