Eight European consumer watchdogs file complaints over Meta’s data processing

Eight European consumer organizations have filed complaints against Facebook parent Meta accusing it of breaching the EU’s General Data Protection Regulation (GDPR) with its so-called “pay-or-consent” policy and opaque internal policies.

The organizations are all members of BEUC, the European Consumer Organization.  Their complaints, publicized Thursday, argue that the large-scale consumer data collection practiced by Meta violates the GDPR, and that the company has abused its dominant market position to essentially coerce customers into accepting its terms. Each of the eight groups filed their complaints with their national data protection authorities, as there is no pan-European office to accept such complaints.

Facebook and Instagram users, according to BEUC, are being forced to choose between consenting to the processing of their personal information for advertising or paying fees that could top €311/year for a person with a mobile device on which they use both Facebook and Instagram.

Despite the furor around the “pay or consent” model, BEUC said that this is largely a side issue.

“While public discussions revolve around this ‘pay-or-consent’ model, Meta carries on with its privacy-invasive business model,” the group said in a brief report. “Each time regulators confirmed that the legal basis Meta relied on was invalid, the company has simply made changes in its privacy policy, while continuing its structural surveillance of consumers.”

Reached via email, a spokesperson for the consumer federation underlined that the real problem is Meta’s data processing, “regardless of what consumers choose, which cannot be compliant with the GDPR.”

The spokesperson said that the group believes fines will be a helpful remedy to the extent that they change Meta’s behavior, but that the behavioral change is what they’re really after.

“Ultimately, that will mean a change of its business model away from surveillance advertising and towards more privacy-friendly forms of business such as contextual ads,” the group said.

This is far from the first time that data privacy regulators and watchdogs have taken aim at Meta in the wake of the GDPR’s coming into effect in 2018. Complaints to the data protection watchdogs in Ireland, the UK and Austria, among others, have made headlines in recent years, and the company has paid well over $2 billion in fines since the law went into effect.

Meta is by far the biggest payer of fines for GDPR violations, but a host of smaller businesses have paid penalties because they didn’t ensure GDPR compliance.

http://www.computerworld.com/category/security/index.rss