No time has been wasted in leveraging the consumer rights granted by the European Union's and European Economic Area's General Data Protection Regulation. On the same day of its implementation, the European Center for Digital Rights (noyb) has filed four complaints concerning forced consent to revised privacy policies by companies, three of which are for Facebook-controlled networks. The fourth complaint was filed towards Google.
In total, these complaints add up to a total of €7 billion (roughly $8.2 billion U.S.) in potential fines and penalties.
In response to these claims, Facebook's Chief Privacy Officer Erin Egan shared the following statement with TechCrunch:
“We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people’s privacy doesn’t stop on May 25th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us information when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward.”
GDPR enables companies and services to collect the data necessary for the service to function without the need for users to check consent boxes. However, it also mandates that users have a clear and present choice to opt in or out of additional data collection or for the necessary data collected to be used for nonessential functions (such as advertisement or analytics that can be sold). Max Schrems of noyb puts it best:
"Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no’."