EU Privacy Activist Targets US with GDPR Rules

With the General Data Protection Regulation (GDPR) now in effect, any company collecting and using data on consumers in the EU is required to give users the choice of whether they agree or disagree with a company's privacy policy.

The GDPR regulations empower citizens by enabling them to file complaints against companies that are not in compliance, which is exactly what Reuters reported that Max Schrems, a privacy activist in Austria, has done. 

Schrems, who has reportedly filed legal cases against Facebook, Google, Instagram, and WhatsApp, told Reuters that US tech giants are trying to force users to consent to their new privacy policies without providing a "yes or no" option.

Schrems has long been awaiting today's deadline and is no stranger to relying on the law to protect personal data. The South China Morning Post reported that he won a landmark European court ruling in 2015 and recently established a charity called None of Your Business to prevent tech giants from harvesting consumer data.

The impact of the regulations is also notable among US companies that are not reported to be breaking the law. TwitterMoments wrote, "A number of high-profile websites, including the Chicago Times and LA Times, are temporarily unavailable in Europe after new European Union rules on data protection came into effect. The General Data Protection Regulation (GDPR) gives people in the area more rights over how their information is used. Companies that fail to comply with the new law are subject to fines of up to 4% of global revenue."

GDPR in full effect

Not everyone fears the immediate consequences of noncompliance, though. "The EU regulators aren’t going to be slapping you with a 4% fine anytime soon. As ‘The Verge’ reported earlier this week, not even the regulators are ready (or funded) to do this. With that said, I think back to Douglas Adams’s advice, ‘Don’t panic.’ Even the Facebooks and Twitters of the world don’t have all the answers," said Anupam Sahai, vice president of product management at Cavirin.

Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management, said, "For companies that have been working diligently on preparations and are essentially compliant, this is the time to focus on the finer points of the regulation and to put policies and processes in place to ensure that the ecosystem of service providers, vendors, and partners can be managed in a comprehensive but streamlined manner. Larger companies should have a Data Protection Officer (DPO) in place, and SMBs [small to medium-sized businesses] should assign equivalent responsibilities to a senior employee, retaining outside expert help when needed."
