Facebook and Google accused of GDPR ‘forced consent’

It turns out that imposing extra layers of bureaucracy on companies can bring about unintended consequences, who knew?

Among the inevitable deluge of emails sent by companies desperate to be seen to be doing the bare minimum in compliance with the General Data Protection Regulation (GDPR) that came into effect in Europe today, have been those requesting blanket opt-ins. They usually feature handy one-click buttons that most people presumably use just to be able to put this trying week behind them. The underlying threat is that users either agree to everything or get kicked off the service.

Campaigning group noyb.eu (none of your business), headed by prominent data privacy complainer Max Schrems, is not happy with how Facebook and Google have gone about interacting with their users on this matter. So it has filed complaints against the two and also Facebook subsidiaries Instagram and WhatsApp, in four different countries to make sure it’s nice and pan-European.

“The GDPR prohibits such forced consent and any form of bundling a service with the requirement to consent (see Article 7(4) GDPR),” says the complaint. “Consequently access to services can no longer depend on whether a user gives consent to the use of data. On this issue a very clear guideline of the European data protection authorities has already been published in November 2017.

Using language apparently taken from the pages of 50 Shades of Grey, companies seem to be imposing forced consent on their users in order to achieve basic compliance with the GDPR regulations. But if this complaint has merit, which it seems to, then these tech giants might end up getting a thorough spanking from the European Commission.