Email
Password
Remember meForgot password?
    Log in with Twitter

article imageComplaint: Facebook pressured users to agree to privacy policy

By Lisa Cumming     May 29, 2018 in Internet
A complaint filed by the European Center for Digital Rights, on behalf of an anonymous complainant, against Facebook Ireland Ltd. et al alleges the company used pressure tactics to get people to accept its privacy policy, in violation of the GDPR.
Filed under Article 77(1) of the GDPR, the complainant (otherwise known as the data subject) — represented under Article 80(1) of the GDPR — alleges that Facebook (otherwise known as the controller) violated the "right to data protection," especially Articles 5, 6, 7 and 9 of the GDPR and Article 8 of the CFR.
The complaints are as follows:
  • that "the controller required the data subject to “agree” to the entire privacy policy and to the new terms." This means that the controller (data subject) was "forced" to "agree" to this policy, therefore "mak[ing] them a part of the civil-law terms."
  • that, under the blanket privacy policy the complainant was "forced" to "agree" to, a clause was included that allows Facebook to provide personalized and targeted ad services to the user. This is, as the complaint reads, "in an attempt to falsely associate this form of consent with Article 6(1)(b) of the GDPR."
  • "If this is what the controller has attempted, then this is nothing more than an aggressive and absurd attempt to deprive data subjects of their rights under Article 6(1)(a), 7 and 9(2)(a) of the GDPR, by wrapping this consent into civil-law arrangement. Any such “agreement” must be interpreted as what it really is: a consent provision camouflaged as a “contractual obligation” by the controller and moved into the civil-law terms." — from the complaint.
  • that Facebook was not forthright in making it clear to the user that they did not have to agree to the policy, the complaint files this under the question: "how did the data subject allegedly consent?" and explains "the controller uses, for example, the wording “I AGREE” as the only real option within its app to force data subjects to consent to the privacy policy." In this section, the complaint also alleges that Facebook blocked the user's account if they did not consent by May 25, 2018 and used "tricks" to get people to agree, in the form of fake messages.
  • "The controller used additional “tricks” to pressure the users: For example, the consent page included two fake red dots (violation against Article 5(1)(a) – neither “fair”, nor “transparent”), that indicated that the user has new messages and notifications, which he/she cannot access without consenting – even if the user did not have such notifications or messages in reality." — from the complaint.
While Facebook is not alone in the rise of complaints they've received for running afoul of the GDPR, they certainly are at the top of list along with Google. Some complaints against the two companies came in just hours after the GDPR came into effect.
READ MORE: Facebook and Google at top of GDPR complaints list
More about Facebook, Privacy, Complaint, gdpr