Written By ESR News Blog Editor Thomas Ahearn
On May 25, 2018, the first day of enforcement of the General Data Protection Regulation (GDPR) – the primary law regulating how companies protect the personal data of citizens in the European Union (EU) – the European Center for Digital Rights or NOYB (“none of your business”) filed four complaints against Facebook, Google (Android), Instagram, and WhatsApp accusing them of “forced consent.”
According to NOYB – a non-profit organization in Vienna, Austria – the GDPR “which came into force today at midnight is supposed to give users a free choice, whether they agree to data usage or not. The opposite feeling spread on the screens of many users: Tons of ‘consent boxes’ popped up online or in applications, often combined with a threat, that the service cannot longer be used if users do not consent.”
Article 7 of the GDPR “Conditions for Consent” prohibits forced consent and any form of bundling a service with the requirement to consent. Access to services can no longer depend on whether a user gives consent to the use of data, and European data protection authorities published a guideline on this issue in November 2017. The four complaints – which have a total potential penalty of up to €7 billion – are detailed below:
- The complaint against Facebook comes under the authority of the DSB in Austria with a maximum penalty of €1.3 billion.
- The complaint against Google (Android) comes under the authority of the CNIL in France with a maximum penalty of €3.7 billion.
- The complaint against Instagram comes under the authority of the DPA in Belgium with a maximum penalty of €1.3 billion.
- The complaint against WhatsApp comes under the authority of the HmbBfDI in Hamburg, Germany with a maximum penalty of €1.3 billion.
The GDPR replaced the Data Protection Directive 95/46/EC established in 1995. It applies not only to organizations located in the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. The GDPR applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.
The GDPR – which has been called “the most important data privacy regulation in 20 years” – was designed to protect EU citizens from data breaches in an increasingly information-driven world much different from the time when the directive was established in 1995. Organizations must comply with the GDPR or face penalties of up to four percent of annual global turnover or €20 million ($23+ million).
The 28 member countries of the EU include (in alphabetical order) Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
NOYB was founded by lawyer and privacy activist Max Schrems, who has brought many successful legal cases in the area of data protection. A ruling by the European Court of Justice in the case of Schrems v. Data Protection Commissioner in October 2015 invalidated the “Safe Harbor” data transfer agreement between the EU and the United States and led to the creation of the EU-U.S. Privacy Shield Framework.
ESR Adheres to EU GDPR and EU-U.S. & Swiss-U.S. Privacy Shield Framework
Employment Screening Resources (ESR) – a leading global background check firm – has international screening solutions that incorporate fully compliant GDPR policies, procedures, and technologies to help employers screen EU residents. ESR has also self-certified its adherence to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. To learn more about ESR, visit www.esrcheck.com.
The ESR Assured Compliance® system has been augmented to provide ESR clients with GDPR related tools. ESR can present and collect the consent from the subject for the Controller to obtain and process personal information. ESR can present any other client provided documents and/or country specific statements of rights and obtain an acknowledgment of receipt by the subject.
ESR also supports the various rights of the data subject including but not limited to: Right to Information; Right to Access; Right to Rectification; Right to Restrict Processing; Right to Object; Right to Erasure; and Right to Data Portability. To learn more about international background screening from ESR, please visit www.esrcheck.com/Background-Checks/ESR-Global-Solutions/.