Google and Facebook still rely on “invasive” methods of data collection, hence going against the spirit of the General Data Protection Regulation that went into effect in the European Union late last month, the Norwegian Consumer Council said Wednesday. The default data options offered to Facebook and Google users are aggressively geared toward forcing consent to as many data collection programs as possible, regardless of whether one is interested in utilizing their full portfolios or just individual services, according to the NCC’s study. While it’s still unclear whether those practices are illegal under GDPR, they go against the spirit of the law, as suggested by the same report.
Privacy enforcement NGO noyb.eu laid out similar arguments in late May as part of its day-one GDPR complaints against Google and Facebook, both of which are likely to make their way to the court of law. The NCC’s digital services director Finn Myrstad said the tech giants’ privacy practices demonstrate “a lack of respect for their users” and stand in opposition to GDPR’s goals. One of the strictest data privacy laws that ever went into effect in the West is meant to make data collection, management, and utilization practices more transparent, allowing consumers to easily identify what kind of information private companies have on them and in what manner are they leveraging it.
Many industry experts remain adamant that GDPR may still be a failure as its real-world applications remain unclear. The European Commission and EU member states have yet to clarify how often are they planning on conducting compliance audits and while the legislation allows for fines of up to two percentage points of any violator’s annual revenue, it’s unlikely such measures will be issued for user privacy transgressions anytime soon. As Facebook and Google primarily deal in nominally free services, collecting and leveraging user data is their main method of generating revenue.