Filed under Article 77(1) of the GDPR, the complainant (otherwise known as the data subject) — represented under Article 80(1) of the GDPR — alleges that Facebook (otherwise known as the controller) violated the “right to data protection,” especially Articles 5, 6, 7 and 9 of the GDPR and Article 8 of the CFR.
The complaints are as follows:
- that “the controller required the data subject to “agree” to the entire privacy policy and to the new terms.” This means that the controller (data subject) was “forced” to “agree” to this policy, therefore “mak[ing] them a part of the civil-law terms.”
- that, under the blanket privacy policy the complainant was “forced” to “agree” to, a clause was included that allows Facebook to provide personalized and targeted ad services to the user. This is, as the complaint reads, “in an attempt to falsely associate this form of consent with Article 6(1)(b) of the GDPR.”
- that Facebook was not forthright in making it clear to the user that they did not have to agree to the policy, the complaint files this under the question: “how did the data subject allegedly consent?” and explains “the controller uses, for example, the wording “I AGREE” as the only real option within its app to force data subjects to consent to the privacy policy.” In this section, the complaint also alleges that Facebook blocked the user’s account if they did not consent by May 25, 2018 and used “tricks” to get people to agree, in the form of fake messages.
“If this is what the controller has attempted, then this is nothing more than an aggressive and absurd attempt to deprive data subjects of their rights under Article 6(1)(a), 7 and 9(2)(a) of the GDPR, by wrapping this consent into civil-law arrangement. Any such “agreement” must be interpreted as what it really is: a consent provision camouflaged as a “contractual obligation” by the controller and moved into the civil-law terms.” — from the complaint.
“The controller used additional “tricks” to pressure the users: For example, the consent page included two fake red dots (violation against Article 5(1)(a) – neither “fair”, nor “transparent”), that indicated that the user has new messages and notifications, which he/she cannot access without consenting – even if the user did not have such notifications or messages in reality.” — from the complaint.
Facebook actually put *fake red dots* to try and make you think you have messages even if you don't, so you agree to their tracking more hastily. Read full complaint against Facebook: pic.twitter.com/inThjgPoov
— Francis Irving (@frabcus) May 28, 2018
While Facebook is not alone in the rise of complaints they’ve received for running afoul of the GDPR, they certainly are at the top of list along with Google. Some complaints against the two companies came in just hours after the GDPR came into effect.
READ MORE: Facebook and Google at top of GDPR complaints list