Noyb files privacy complaints over 100 European companies still sharing data with Google, Facebook

News General Europe 18 AUG 2020
Noyb files privacy complaints over 100 European companies still sharing data with Google, Facebook

Telecom operators Tele2, Free Mobile and Fastweb are among the over 100 companies facing complaints from the privacy rights group Noyb. The group led by Max Schrems said the companies' websites are still using Google and Facebook code that allows data on users to be sent to the US, despite the EU Court of Justice declaring this illegal a month ago. 

Noyb has filed complaints against a total 101 major companies with national data protection regulators in all 30 countries belonging to the EU or European Economic Area. The complaints are also brought against Google and Facebook in the US, for continuing to accept these data transfers, despite them being in violation of the EU's General Data Protection Regulation. 

Snippets of code from the sites show they are still using Google Analytics or Facebook Connect to collect information on visitors. "Both companies admit that they transfer data of Europeans to the US for processing, where these companies are under a legal obligation to make such data available to US agencies like the NSA. Neither Google Analytics nor Facebook Connect are essential to run these web pages and are services that could have been replaced or at least deactivated by now," said Schrems, the honorary chair of Noyb.eu.

Google claims it is still relying on the Privacy Shield agreement to transfer personal data between the EU and US, while Facebook uses standard contract clauses to regulate the flows. However, the Court of Justice declared the Privacy Shield invalid under its landmark ruling last month, as the US does uphold the standards of the GDPR. Furthermore, the court said companies using the contract clauses are obliged to ensure the destination of personal data respects EU privacy law - something which is not the case for the US. 

Noyb said the court ruling underlined the duty of data protection authorities to intervene and enforce the law, especially when receiving a complaint. They can prohibit the data transfers or even issue fines for serious violations of EUR 20 million or 4 percent of the company's turnover. 

The group said it appears companies are ignoring the court ruling. Noyb plans to step up pressure on companies to adapt their policies, and it has also released guidance for smaller companies trying to comply with the ruling. Over time, it also plans to take regulators and policymakers to task for not enforcing the ruling, "like the Irish DPC that stays dormant", it said.

Other companies named in the complaints include Syn, Elisa Estonia, Marktplaats, Roularta Media, Takeaway.com, OE24, RTE, Sky Deutschland, Zoznam, Hotnews.ro, Handelsblatt, Delo and Onet-RAS Polska. Major retailers such as Auchan, Decathlon, Bpost, Sephora, Ikea, Coop Sweden and Danske Bank were also covered by the complaints

Categories:

General

Companies:

ElisaTele2FastwebSky DeutschlandOnetRTEFree MobileZoznam

Regions:

Europe

Tags:

Regulations, IT - applications, Portals / social media, Sales, Information services, Advertising services, Legislation - Lawsuits

Related Articles

EUROPE 4 JAN 2023

Meta fined EUR 390 mln in landmark GDPR case limiting personal data use for ads

Meta has received fines totaling EUR 390 million from the Irish Data Protection Commission for violations by Facebook and Instagram of the EU's General Data Protection Regulation. In a landmark decision on complaints filed back in 2018 when the GDPR took effect, the regulator said the company could not force users to accept processing of their personal data for ads in order to gain access to its social networking platforms. Meta has three months to rectify the situation, meaning it must seek another form of

EUROPE 15 MRT 2022

Irish data regulator sued by ICCL for inaction over Google RTB system

The Irish Council for Civil Liberties (ICCL) is suing the Data Protection Commission (DPC) for failing to protect people from Google's Real-Time Bidding online ad system.

AUSTRIA 21 JUL 2021

Austrian supreme court refers Noyb case against Facebook to EU court

The Austrian Supreme Court has referred the case against Facebook brought by the privacy rights group Noyb to the EU Court of Justice for an opinion on several questions. This follows a request from Max Schrems, the founder of Noyb, to get the EU court's input on four issues, before a ruling is taken in the long-running civil case over privacy on the social network.

BELGIUM 15 JUN 2021

EU court says Facebook can face national privacy cases outside Ireland too

The EU Court of Justice has upheld the right of national regulators outside Ireland to sue Facebook for privacy violations in the EU. In an appeal against a decision from the Belgian Data Protection Authority, Facebook had claimed that only the Data Protection Commission in Ireland, where Facebook's European operators are based, could conduct such a case. The EU court disagreed, saying the General Data Protection Regulation allows any national regulator to sue in a case of cross-border data processing.

EUROPE 31 MEI 2021

Noyb files over 500 complaints to companies over unlawful cookies

Noyb, the privacy rights group founded by activist Max Schrems, has tabled over 500 draft complaints to companies using cookie banners that do not comply with the requirements of the General Data Protection Regulation (GDPR). According to Noyb, companies use so-called "dark patterns". Such company websites are designed in such a way that the buttons for rejecting cookies are difficult to find.

FRANCE 7 APR 2021

Noyb lodges new complaint against Android tracking code in French e-privacy case

Google faces a fresh complaint in France over the use of a tracking code known as Android Advertising Identifier (AAID). Max Schrems's privacy rights group Noyb has asked French data watchdog CNIL to investigate alleged "illegal operations" linked to how Google stores and accesses the AAID on Android devices, arguing that they amount to a violation of the French law implementing the EU e-privacy directive. The complaint states that the AAID is used for advertising tracking purposes only and that Google is u

GLOBAL 7 APR 2021

Facebook confirms leak of 533 mln user accounts, Irish DPC investigating

Facebook has confirmed that "malicious actors" obtained a dataset containing records of 533 million users by "scraping" public profiles using a vulnerability in the company's contacts synchronisation tool. The data leaked dates from prior to September 2019 and the vulnerability has since been closed off, said the company in a blog entry posted in response to reports first published by Business Insider. "As a result of the action we took, we are confident that the specific issue that allowed them to scrape t

AUSTRIA 4 JAN 2021

Vienna court rules Facebook can use data without explicit consent of users

The Higher Regional Court in Vienna has ruled that Facebook does not need to obtain the explicit consent of its users to use their data according to the EU data protection law (GDPR).  The court confirmed a previous ruling by the higher civil court against the plaintiff, Austrian data activist Maximilian Schrems. The higher court said that Facebook can successfully invoke Article 6 of the GDPR, allowing Facebook to process user data based on the contract between the user and the platform. The data are used

UNITED STATES 15 DEC 2020

FTC orders social media companies to open up on how they use personal data

The Federal Trade Commission is issuing orders to nine social media and video streaming companies, requiring them to provide data on how they collect, use, and present personal information, their advertising and user engagement practices, and how their practices affect children and teens. The orders concern Amazon.com, ByteDance, which operates the short video service TikTok, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The companies have 45 days to respond. 

EUROPE 10 DEC 2020

Twitter, Vimeo, WordPress push for EU flexibility in new rules to take down illegal content

Twitter, Vimeo, Mozilla and WordPress.com's owner Automattic asked the EU to take a flexible strategy towards harmful and illegal online content instead of blanket rules requiring content removal. The companies said such an approach would help preserve an open internet. 

EUROPE 4 DEC 2020

Irish High Court to hear Facebook appeal against data transfer ruling

The Irish Data Protection Commission (DPC) confirmed that Facebook's judicial proceedings against the regulator are scheduled before the Irish High Court on 15 December.

UNITED KINGDOM 24 NOV 2020

UK marketers call for regulator to suspend Google Chrome cookie changes

Another group of online publishers and marketers is calling for competition authorities to take action against Google, this time in the UK. The Marketers for an Open Web coalition is asking the UK's Competition and Markets Authority (CMA) to intervene and delay a change in Google's cookies technology which the rivals claim would "cement its dominance of online business". 

EUROPE 16 NOV 2020

Noyb files Spanish and German privacy complaints against Apple tracking code

Privacy rights group Noyb has followed a series of actions launched against Facebook, Google and others by filing new complaints with Spanish and German data protection authorities over Apple's 'IDFA' tracking tool. The group led by privacy activist Max Schrems claimed that the tracking code enables Apple and all apps on iPhones to store users' data without their consent in what amounts to a clear infringement of EU privacy law.

EUROPE 11 NOV 2020

EDPB issues recommendations on compliant data transfers after Schrems II ruling

The European Data Protection Board has adopted guidance for businesses struggling with the implications of the court ruling striking down the EU-US Privacy Shield agreement. The recommendations are designed to help organisations adapt their cross-border transfers of personal data to ensure they meet the requirements of EU law. 

EUROPE 19 OKT 2020

Irish watchdog investigating Instagram's handling of children's personal data

David Stier, a US data scientist who first discovered the loophole, estimates that as many as 5 million children had personal details exposed when they switched from a personal to a business setting to receive statistics on how popular their photos and videos were. No proof is required that the user actually runs a company, meaning personal contact details such as phone numbers and email addresses were publicly displayed on their profile, allowing anybody to contact the children outside of the app.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.