fbpx

Max Shrems’s Non-Profit Organisation Files Complaints against Tech Giants

The Austrian non-profit organisation noyb, the brainchild of data-privacy activist Max Shrems, has filed 10 strategic complaints against eight tech firms in Austria – among which are Apple, Amazon, Netflix, Spotify and Youtube. According to the complaint, that the organisation identified violations of Article 15 of the GDPR in many shapes and forms by these companies.

Read more about Max Schrems: Who is Maximillian Schrems?

As we already know, under the GDPR every data subject has the right to access the information that has been stored on him/her. While small companies respond manually to Data subject access requests (DSARs), big corporations like YouTube, Apple, Spotify or Amazon have built automated systems that aim to provide the relevant information.

The complaints have different specific problematic areas, but the core problem with all of them is the fact that the implemented automated systems, processing the data subject access requests are non- functional. According to noyb, none of the implemented systems provided the user with all relevant data.

“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about whom this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.” says Schrems.

While most of these corporations have provided at least some response to the request of users to access their data, tests by nyob showed that DAZN and SoundCloud are simply ignoring the requests. This doesn’t mean that the others are in the safe zone, even though they respond to DSARs, in most cases, these consist of raw data and in cryptic formats that make it extremely hard or even impossible for an average user to understand the information. In many cases certain types of raw data were also missing.

The full complaints and list of violations you can find HERE

GDPR Toolkit Blog will follow this issue and will keep you posted with any developments!

Leave a Reply

Your email address will not be published.