A number of tech giants, including Amazon, Apple, Netflix, YouTube and Spotify, have been accused of breaching the EU's GDPR regulations, according to a complaint filed on January 18 with the Austrian Data Protection Authority.
The complaint was filed by the Austrian privacy campaign None of Your Business (NOYB), who claimed that the companies failed to provide basic information, such as how they buy and sell user data, following requests by 10 citizens for the information.
"When tested, none of these systems provided the user with all relevant data. In most cases, users only got the raw data, but, for example, no information about who this data were shared with," said Max Schrems, co-founder and director of NOYB. "This leads to structural violations of users' rights, as these systems are built to withhold the relevant information."
In total, eight firms were queried: Amazon, Apple, Netflix, YouTube, Spotify, SoundCloud, Flimmit and DAZN. Of the eight, YouTube, Apple, Spotify and Amazon had automated systems in place allowing users to download data immediately while Apple provided users with around 40 excel spreadsheets with alphanumeric data that was incomprehensible. YouTube offered files that were also impenetrable to users, some of which were in esoteric files formats such as JSON.
Netflix had one of the better systems in place and was able to provide a list of raw data, including descriptions of shows that the user had watched and where and when they were watched.
GDPR was implemented to protect EU individuals from misuse of their data and was introduced in May 2018.