The GDPR has been in effect for several months now – but what have we learned so far? A lot of people feel that it’s not worth the trouble and/or are annoyed by the fact that some pages outside of the EU decided to simply not comply but instead shut Europeans out via GeoIP. On top of that smaller blogs owners also got really afraid about what they need to do and decided that it’s not worth the trouble; their blogs were shut down.
But what about the bigger companies? Do the offer the users at least some degree of control over the usage of their private data? Apparently this greatly depends. Just recently nyob (an abbreviation for none of your business) identified several streaming services that violate article 15 of the GDPR – including Amazon, Apple, DAZN, Spotify, and Netflix.
What is Article 15?
Article 15 of the GDPG basically gives you the right to get a copy of all raw data that a given company holds about you. On top of that you are also allowed to find out who has access to the data and for which purpose it is processed as well as in which countries the data is stored for how long. In theory this sounds pretty good and gives users a lot of insight.
Now nyob, a European non-profit organization for privacy enforcement, has filed eight formal complaints with data protection authorities because some providers do not comply with said article.
Who are these companies?
You might have heard of some of the companies that are put on the spot: Amazon, Apple, DAZN, Netflix, Spotify, and YouTube are probably the most prominent names. They are now sued for an overall sum of 18.8 billion Euros.
The reason is not only one complaint, but several. According to nyob, in the cases were the companies were sending users their raw data (which sadly were not all of them) it was “lacking background information, such as the sources and recipients of data or on how long data is actually stored (“retention period”). In many cases, the raw data was provided in cryptic formats that made it extremely hard or even impossible for an average user to understand the information. In many cases certain types of raw data were also missing.”
Not the first and probably not the last complaint
Since the GDPR has been in effect there have already been several complaints, investigations, and studies. It is unlikely that things will change in the near future but organizations like nyob keep fighting for it, all hope is not lost.