noyb, a European privacy enforcement non-profit organisation which focuses on commercial privacy issues on a European level, says that “as GDPR foresees EUR 20 million or 4% of the worldwide turnover as a penalty, the theoretical maximum penalty across the 10 complaints could be EUR 18.8 billion”.
After testing the eight companies (i.e., Amazon, Apple, DAZN, Spotify, SoundCloud, YouTube, Flimmit, Netflix) “right to access” compliance, noyb found out that none of the eight streaming companies were fully compliant. According to BleepingComputer the “right to access” grants all EU citizens the “right to get a copy of all raw data that a company holds about the user, as well as additional information about the sources and recipients of the data, the purpose for which the data is processed or information about the countries in which the data is stored and how long it is stored.”
Despite the fact that some services set up automated systems to respond to access requests, they often do not provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now