In House - The FindLaw Corporate Counsel Blog

Facebook, Google Already Facing Big GDPR Lawsuits

Right on the heels of last week's deadline for companies to come into compliance with the GDPR, lawsuits were filed against Google, Facebook, Instagram, and WhatsApp, alleging violations of the new law. And unfortunately for Facebook, the company owns both Instagram and WhatsApp.

An Austrian privacy activist filed each of the cases alleging that the "take it or leave it" privacy policies offered by these major tech companies violate the GDPR. Each lawsuit seeks to fine Facebook and Google over $4 million each. The law can impose fines on organizations that violate it of over $20 million or 4 percent of an organization's annual revenue.

What's This GDPR?

The General Data Protection Regulations (GDPR) was passed in 2016 by the E.U. to apply to businesses that do business, or have websites that collect data, in countries in the European Union. Basically, companies need to get explicit permission to share user data and collect information, as well as be transparent about how that data is shared. The E.U. is serious about data privacy apparently, and cases like the ones just filed against Google and Facebook are likely to be test cases to see just how the law will be enforced.

For the companies' parts, both claim to have worked hard to craft policies that are in compliance with the GDPR. Curiously though, one of the provisions requires privacy policies be drafted in plain language, yet the result of many GDPR privacy policy updates has been longer privacy policies (that will likely go just as ignored as the previous ones, if not more so given the flurry of recent emails).

What Info Does Your Company Collect?

If you're counsel for any company that has a website that allows visitors to sign up for newsletters, accounts, or make purchases, and you haven't updated your privacy policies and looked at your data collection, use, and retention policies, it's high time to do so.

Related Resources: