// 8 major tech firms accused by privacy campaign group of breaching GDPR rules
// Companies allegedly failed to provide basic info on how data was sold & stored
// Apple CEO Tim Cook called for more to be done to protect user’s data
For all the latest retail technology news, make sure to visit Retail Gazette’s new publication chaRGed.com launching in the coming weeks.
A number of the world’s largest tech companies, including Apple and Amazon, have been accused of failing to meet the EU’s GDPR data protection regulations.
An Austrian privacy campaign group called None of Your Business (NOYB) has filed a complaint with the Austrian Data Protection Authority, accusing the companies of failing to provide basic information like how their data is bought and sold on request, putting it in breach of GDPR rules.
The group, which has also accused Netflix, Spotify and YouTube of breaching regulations, has called for the regulator to begin an investigation into the firms after conducting its own research.
Under GDPR rules, which came into force in May, users have the “right to access” giving them the right to be informed about how their data is handled and how long it is stored for, with violations carrying a potential fine of four per cent of the companies’ turnover.
NOYB worked with a group of ten volunteers who requested their data from eight tech companies, and found that the data they received was “insufficient or inaccurate”, and companies like Apple provided data in “an incomprehensible form”.
“The results confirmed they were all evading their obligation to provide data or providing insufficient or inaccurate responses,” NOYB data protection lawyer Ioannis Kouvakas said.
This comes after Apple chief executive Tim Cook called for regulators to allow consumers to track and delete their personal data and tackle the “shadow economy” of data brokers in an op-ed for Time Magazine.
Cook urged the US Federal Trade Commission (FTC) to launch a “data-broker clearinghouse” where any company buying and selling data will have to log their activities and be held accountable, while giving consumers the ability to track and delete their personal data.
Kouvakas said: “Making declarations about how you respect user privacy is important but in order for it not to be a marketing statement, it has to be borne out in practice.
“If the data they provide is incomprehensible to users, it doesn’t allow users to exercise their rights properly.”