Hours after new European Union data protection laws came into force on Friday, Mr Schrems launched his latest challenge to Facebook, and a new suit against Google, accusing them of "coercing" users into accepting their data collection policies.
"Even in organisations that are ready for the GDPR, HR needs to monitor that staff are still aware of what's required through regular reviews and the employee development process". Confused? Here are five things you need to know about the GDPR, starting with the basics.
The GDPR was approved in 2016, but companies were given a two-year grace period before implementation. If global customer data stored in India gets leaked, Indian businesses could face huge penalties in Europe, ranging from 20 million euros to 4% of global turnover.
The European law is much stronger than its Canadian equivalent, the Personal Information Protection and Electronic Documents Act. There are other GDPR-compliant ways to use customer data, especially when it's necessary to conduct business (you're going to want to ask a lawyer if you qualify).
Among the larger technology firms to report an impact was Pinterest's new clipping service Instapaper, which said it underestimated the work required to comply with the new European Union law that requires users to have near-complete control over the data they share with organisations. So really simply, the GDPR is an attempt to create one set of rules that everyone can follow, and it happens to enact the most consumer-friendly set.
The regulations force companies to use the highest possible privacy settings by default.
When will USA citizens get the same rights? Whether those big fines actually materialise will depend on how seriously companies have taken their preparations and ongoing compliance. The law, ironically enough, is about as massive as the bloated privacy policies it seeks to simplify, coming in at 261 pages that you can read for yourself, but you probably won't, which is exactly the problem with many privacy policies-beyond the "legalese" they employ that typically leaves even those who read them confused about exactly what they're agreeing to.
A Facebook spokesperson denied any wrongdoing and said that the company has "prepared for the past 18 months to ensure we meet the requirements of the GDPR". You also need to notify each individual whose data has been compromised or lost - effectively, you will have to publicly shame your company.
First, they have to figure out if this applies to them. There are probably some businesses that don't realize that their mailing list is global. As a result, websites such as the LA Times, New York Daily News, Chicago Tribune, Orlando Sentinel and Baltimore Sun are blocking European users.
"For certain lines of services, such as Platforms, new concepts like Privacy by Design shall be understood at the earliest stage at Mindtree when we design new solutions, as well as when we engage with prospects", Carperntier added.
That's the hope of a lot of privacy advocates.
Previously, if you decided you no longer wanted your Apple ID, it was ok for Apple to disable it but then hold onto all your data so that it could re-enable it at a later date if you changed your mind.