Austrian non-profit organization NOYB, the "European Center for Digital Rights," has reportedly filed a complaint against Apple and seven other tech companies for allegedly failing to comply with GDPR in the European Union.
/article-new/2015/12/Apple-EU.jpg?lossy)
NOYB said it tested each company's compliance with GDPR by requesting private data held about 10 users and found that "no service fully complied."
"Many services set up automated systems to respond to access requests, but they often don't even remotely provide the data that every user has a right to," said NOYB founder Max Schrems. "This leads to structural violations of users' rights, as these systems are built to withhold the relevant information."
Other companies named in the complaint include Amazon, Netflix, Spotify, YouTube, and three more, according to Reuters.
GDPR was implemented in May 2018 and gives European Union residents the right to access any personal data a company has stored on them. The regulation led Apple to launch a Data and Privacy portal that allows its customers to download a copy of any data associated with their Apple ID account that Apple maintains.
Top Rated Comments
(View all)I was hoping they'd be lax on GDPR. Otherwise they can always find something a company's not doing perfectly. There's already the data portal; idk what else these people want.
They are lax on GDPR actually. In particular, die Austrian government issued a regulation basically being a "get out of jail for free" rule.For now I guess it is safe to assume Apple has nothing to fear as far as Austria is concerned
Yeah, I think they should go after those who just stole nearly 800 million e-mail addresses instead of worrying about this petty crap.
That's not a new breach, it's just a collection of previous leaks.Still it’s much more serious than this and they have several other batches. It’s unacceptable that no one is held to account for these breaches.
It's rather short-term to try and punish those who lost data. It won't prevent any further breaches, because every company thinks they are "secure" and it won't happen to them.It's better to prevent companies from needlessly collecting data in the first place, since those are just breaches waiting to happen. At the very least we should know what data we're putting at risk by allowing those companies to collect it.
I'm guessing that this is less about resistance to the spirit of the law and more about agreeing or disagreeing on what constitutes private data, fixing oversights, and working out any implementation bugs.