Major lawsuits filed against Facebook, Google, Instagram and WhatsApp on first day of GDPR era

[НСК-СБ]

Major lawsuits filed against Facebook, Google, Instagram and WhatsApp on first day of GDPR era
From midnight on May 25, all data operators that work with information about European citizens must comply with the new rules, known as the GDPR (General Data Protection Regulation). Facebook, Google, Instagram and WhatsApp have already received their first multi-billion dollar lawsuits for not following the new rules.
A few days before the new rules came into force, large social networks began to notify their users about this and asked to confirm their agreement with GDPR. In connection with this requirement on the first day of the rules four complaints were submitted - against Google and their Android operating system, social networks Facebook and Instagram, as well as the WhatsApp messenger. The reason is the so-called "forced consent", reports the European organization Noyb.

In fact, companies did not allow users to understand what the essence of the changes was, or simply issued new GDPR rules for changing the internal rules of a particular network. The amount of claims to Google is € 3.7 billion, and to the other three companies - € 1.3 billion each.

Any business, regardless of jurisdiction, must perform GDPR if it uses the data of residents of the European Union in its work, and it has direct effect in 28 participating countries. In particular, Russian companies that have subsidiaries, online stores, airline sites that allow purchases from the EU, mobile operators and banks fall under the jurisdiction of the GDPR.

As Natalia Belomestnova, Advisor to Dispute Resolution and Intellectual Property Practice at Bryan Cave Leighton Paisner (Russia) LLP, told us, an important feature of the GDPR is that the regulation does not use the concept of “citizenship” and protects the personal data of all persons located in the EU in including Russians. "Therefore," under the distribution ", most likely, Russian banks will receive information about transactions of customers on vacation or business trips to the EU, as well as mobile operators that track the movements of subscribers in roaming," the expert explained.

According to the meaning of GDPR, these companies, despite their location outside the EU, must comply with the GDPR requirements in full, and also appoint an authorized responsible representative in the EU who will respond to all requests from regulatory authorities. "However, there is still no complete clarity on how the mechanisms for holding accountable foreign companies that are not in the EU and have not appointed their authorized responsible representative," Belomestnova says. According to her, at present "not many Russian companies" are concerned about the issue of fulfilling GDPR requirements, but they expect a surge of interest in this topic after the start of the formation of law enforcement practice.

The expert expects the regulatory authorities to initiate "several demonstration processes" in relation to foreign companies in order to demonstrate the seriousness of their intentions to enforce GDPR rules outside the EU.

• Maxim Varaksin

Major lawsuits filed against Facebook, Google, Instagram and WhatsApp on first day of GDPR era