Big tech is still violating your privacy

[Commentary] First came the scaremongering. Then came the strong-arming. After being contested in arguably the biggest lobbying exercise in the history of the European Union, the General Data Protection Regulation became fully applicable at the end of May. Since its passage, there have been great efforts at compliance, which regulators recognize. At the same time, unfortunately, consumers have felt nudged or bullied by companies into agreeing to business as usual. This would appear to violate the spirit, if not the letter, of the new law.

Under the GDPR, a contract cannot be used to obtain consent. Some major companies seem to be relying on take-it-or-leave-it contracts to justify their sweeping data practices. Witness the hundreds of messages telling us we cannot continue to use a service unless we agree to the data use policy. We’ve all faced the pop-up window that gives us the option of clicking a brightly colored button to simply accept the terms, with the “manage settings” or “read more” section often greyed-out. One of the big questions is the extent to which a company can justify collecting and using massive amounts of information in order to offer a “free” service.

Independent EU enforcement authorities — at least one in each EU member state — are already investigating 30 cases of such alleged violations. The public will see the first results before the end of 2018. Regulators will use the full range of their enforcement powers to address abuses, including issuing fines.

[Giovanni Buttarelli is the European Union’s data protection supervisor. Because of his advocacy for the E.U.’s General Data Protection Regulation law, he is sometimes called “Mr. GDPR.”]