Silicon Valley made a big deal about obeying GDPR, but a study shows the policies of firms like Facebook are ‘vague’ and ‘insufficient’ | Digital Asia
- Justin Sullivan/Getty Images
- Apple, Google, Facebook, and Amazon are all falling short of new European privacy rules, according to a consumer group which analysed their updated privacy policies.
- The tech firms aren’t giving people enough information about how they use their data, and why they might need to collect it.
- The consumer group, the European Consumer Organisation (BEUC), used artificial intelligence to scan the privacy policies for 14 tech firms.
- All the companies face massive fines if they don’t comply with the GDPR.
Remember all those endless emails and app notifications about how important your privacy is to tech firms?
That was all about those firms having to obey new European privacy rules, officially known as the GDPR. But a new study from a European consumer group has found that most popular tech companies are falling short of properly obeying the rules.
Monica Goyens, director general of the European said: “A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law. This is very concerning. It is key that enforcement authorities take a close look at this.”
According to the analysis, Facebook doesn’t tell users about how it might use sensitive information that is protected under GDPR, such as religious and political views. While Facebook tells users these are protected categories, it doesn’t actually state how the company might use that data should you choose to give it up.
Facebook also doesn’t properly explain why it needs people’s device data, how people can opt out of tracking on Facebook, and how third parties might use people’s information.
BEUC criticised Google’s language as “unclear” on how it uses people’s information for advertising or other purposes. The group also found Apple’s collection of voice and image data worrying, and said the firm didn’t give a good enough explanation of how it gathers that information.
And it criticised Amazon for making a “vague threat” to users who don’t hand over personal data. Specifically, Amazon tells users who don’t disclose their data that some features won’t be available to them – but the company isn’t clear about what those features are, the report said.
Amazon said it believes it is GDPR-compliant and pointed to its privacy help page.
A spokesman said: “Protecting the privacy of our customers is always a top priority and has been built into our services for years. We have introduced a new Privacy Help page that shows customers how they can easily manage and access their information across our retail, entertainment services, and devices, as well as centralized privacy settings for Alexa that give customers control over their data.”
Facebook and Google did not immediately respond to a request for comment.
The new rules are seen as a way of controlling the big Silicon Valley firms. They face fines of up to 4% of their annual turnover if they don’t comply with the legislation.
Aside from fines, the tech firms are also under threat from lawsuits. BEUC said it was considering legal action. And its report follows $8 billion (£6 billion) in GDPR-related lawsuits filed by the Austrian privacy activist and lawyer Max Schrems.