Silicon Valley made a big deal about obeying GDPR, but a study shows the policies of firms like Facebook are 'vague' and 'insufficient'

  • Apple, Google, Facebook, and Amazon are all falling short of new European privacy rules, according to a consumer group which analysed their updated privacy policies.
  • The tech firms aren't giving people enough information about how they use their data, and why they might need to collect it.
  • The consumer group, the European Consumer Organisation (BEUC), used artificial intelligence to scan the privacy policies for 14 tech firms.
  • All the companies face massive fines if they don't comply with the GDPR.


Remember all those endless emails and app notifications about how important your privacy is to tech firms?

That was all about those firms having to obey new European privacy rules, officially known as the GDPR. But a new study from a European consumer group has found that most popular tech companies are falling short of properly obeying the rules.

9 PHOTOS
Companies Facebook confirms it shared data with
See Gallery
Companies Facebook confirms it shared data with

Apple

(REUTERS/Heinz-Peter Bader)

Samsung

(REUTERS/Kim Hong-Ji)

Amazon

(REUTERS/Abhishek N. Chinnappa)

Blackberry

(REUTERS/Mark Blinch)

Microsoft

(REUTERS/ Mike Blake)

Huawei  -- Chinese company is the world's third-largest smartphone maker

(REUTERS/Yves Herman)

Lenovo

(REUTERS/Gleb Garanich/File Photo)

OPPO -- Chinese smartphone maker

(REUTERS/Edgar Su)

TCL Corp. -- China's largest television and cellphone producer

(REUTERS/Claro Cortes IV CC/JJ)

HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

The consumer group, BEUC, found post-GDPR privacy policies from 14 companies including Apple, Amazon, Facebook, and Google are "vague" and "insufficient." BEUC used artificial intelligence to scan every firm's privacy policy, comprising more than 80,000 words in total.

Monica Goyens, director general of the European said: "A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law. This is very concerning. It is key that enforcement authorities take a close look at this."

According to the analysis, Facebook doesn't tell users about how it might use sensitive information that is protected under GDPR, such as religious and political views. While Facebook tells users these are protected categories, it doesn't actually state how the company might use that data should you choose to give it up.

Facebook also doesn't properly explain why it needs people's device data, how people can opt out of tracking on Facebook, and how third parties might use people's information.

BEUC criticised Google's language as "unclear" on how it uses people's information for advertising or other purposes. The group also found Apple's collection of voice and image data worrying, and said the firm didn't give a good enough explanation of how it gathers that information.

And it criticised Amazon for making a "vague threat" to users who don't hand over personal data. Specifically, Amazon tells users who don't disclose their data that some features won't be available to them — but the company isn't clear about what those features are, the report said.

Amazon said it believes it is GDPR-compliant and pointed to its privacy help page.

A spokesman said: "Protecting the privacy of our customers is always a top priority and has been built into our services for years. We have introduced a new Privacy Help page that shows customers how they can easily manage and access their information across our retail, entertainment services, and devices, as well as centralized privacy settings for Alexa that give customers control over their data."

Facebook and Google did not immediately respond to a request for comment.

The new rules are seen as a way of controlling the big Silicon Valley firms. They face fines of up to 4% of their annual turnover if they don't comply with the legislation.

Aside from fines, the tech firms are also under threat from lawsuits. BEUC said it was considering legal action. And its report follows $8 billion (£6 billion) in GDPR-related lawsuits filed by the Austrian privacy activist and lawyer Max Schrems.

NOW WATCH: What would happen if America's Internet went down

See Also:

SEE ALSO: EU privacy watchdog: Big tech firms are 'blackmailing' users into agreeing with their new data terms

Read Full Story