Tech giants which provide streaming services – including Apple, Amazon, Netflix, Spotify and Google – have been accused of breaching GDPR by failing to be upfront about what customer data they collect and what they use it for.
Privacy group NOYB – set up by Facebook nemesis Max Schrems – has fired off ten complaints to the Austrian Data Protection Authority over companies’ handling of so-called “right to access” requests.
Under GDPR, people have the right to request copies of the information a company holds on them, which includes: the categories of personal data involved; where that data came from; who it has been shared with; and how long and where it will be stored.
NOYB worked with a group of ten volunteers who requested their data from eight tech companies: Amazon Prime, Apple Music, Netflix, SoundCloud, Spotify, YouTube, DAZN and Flimmit.
However, NOYB found that the data they received was “insufficient or inaccurate”, with companies including Apple providing data in “an incomprehensible form”.
Schrems said: “Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to.
“In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”
In response to the complaints, Spotify said: “Spotify takes data privacy and our obligations to users extremely seriously. We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant.”
Amazon added: “Protecting the privacy of our customers is always a top priority and has been built into our services for years… We comply with any request from a data subject to provide access to the personal data that Amazon is processing.”
The move comes just days after Apple chief executive Tim Cook called for US regulators to allow consumers to track and delete their personal data and tackle the “shadow economy” of data brokers.
In an article in Time magazine, Cook called on the US Federal Trade Commission to launch a “data-broker clearing house” where companies which buy and sell data will have to log their activities and be held accountable.