Austrian data privacy activist files complaint against Apple, Amazon, others
Austrian lawyer and privacy activist Max Schrems checking his mobile phone in his office in Vienna.
VIENNA (Reuters) – Apple and Amazon are among eight tech firms named in a complaint filed in Austria by non-profit organisation noyb, which cited their failure to comply with the European Union’s General Data Protection Regulation (GDPR).
The action by noyb, chaired by data privacy activist Max Schrems, also named Netflix, Spotify and YouTube, after it tested them by requesting private data the companies hold about the user.
“No service fully complied,” noyb said in its statement.
The GDPR, implemented in May, gives users the right to access their data and information about the sources and recipients of the data. Social networks must regain Europeans’ consent every time they want to use their data in new ways, including for targeted advertising.
The GDPR foresees fines of up to 4 percent of global revenues for companies that break the rules.
In response to the complaint, Amazon said it has introduced a new “Privacy Help” page which shows customers how they can manage their information across its platforms.
“We comply with any request from a data subject to provide access to the personal data that Amazon is processing,” Amazon said on Friday.
Noyb said it filed its complaints with the Austrian authority on behalf of 10 users. The Austrian watchdog would have to work with its counterparts at the streaming services’ main establishments.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” Schrems said. “This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”
Schrems is a veteran privacy campaigner who took his first legal action against Facebook as a student in 2011.
Now a lawyer, Schrems filed complaints last year against Google, Facebook, Instagram and WhatsApp, arguing they were acting illegally by forcing users to accept intrusive terms of service or lose access.