European Activist Group Files a Formal Complaint against Apple Music, Netflix, Spotify, YouTube and others for Violating EU's GDPR
In Tim Cook's Brussels speech in October 2018, Cook praised Europe's "successful implementation" of privacy law GDPR. Cook specifically stated that "Fortunately this year you've shown the world that good policy and political will can come together to protect the rights of everyone. We should celebrate the transformative work of the European institutions tasked with the successful implementation of the GDPR. It is time for the rest of the world — including my home country — to follow your lead.
After pounding the table in favor of Europe's General Data Protection Regulation (GDPR), a privacy activist non-profit organization noyb lists Apple along with other Silicon Valley companies for not complying with Europe's GDPR. Noyb said it filed its complaints with the Austrian authority on behalf of 10 users.
Today noyb (None of your business) filed a complaint that read: A test by noyb shows structural violations of most streaming services. In more than 10 test cases noyb was able to identify violations of Article 15 GDPR in many shapes and forms by companies like Amazon, Apple, DAZN Spotify or Netflix. noyb filed 10 strategic complaints against 8 companies today.
Right to Access. Under the new General Data Protection Regulation (“GDPR”) users enjoy a 'right to access.' Users are granted a right to get a copy of all raw data that a company holds about the user, as well as additional information about the sources and recipients of the data, the purpose for which the data is processed or information about the countries in which the data is stored and how long it is stored. This 'right to access' is enshrined in Article 15 GDPR and Article 8(2) of the Chart of Fundamental Rights.
Eight out of eight violations. noyb (a European non-profit organization for privacy enforcement) has put the law and eight online streaming services from eight countries to the test – but no service fully complied. In eight out of eight cases, noyb has filed formal complaints with the relevant data protection authorities today. All major providers even engaged in “structural violation” of the law, says Max Schrems, Director of noyb
Structural Violations. While many smaller companies manually respond to GDPR requests, larger services like YouTube, Apple, Spotify or Amazon built automated systems that claim to provide the relevant information. When tested, none of these systems provided the user with all relevant data.
Max Schrems, director of noyb statement: "Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information."
Considering that Time just published an Op-Ed by Apple's CEO on privacy issues and shadowy data brokers yesterday, it's surprising that Apple, of all U.S. companies, has been drawn into this formal complaint filed in Austria. Then again, the fine print tells us that it's more specifically "Apple Music" out of Ireland.