Data protection is something that the European Union (EU) takes seriously, especially where its citizens are concerned. Under article 8 of the Charter of Fundamental Rights of the European Union, every EU citizen has the right to have their personal data:
- Protected;
- Processed fairly for a specified purpose;
- On the basis of their consent or a legitimate interest;
- Have access to it; and
- Have it corrected.
There have been recent developments in the EU over the infringement of the General Data Privacy Regulation (GDPR) by tech giants, which we must follow keenly to see if these companies will make changes in their apps, and whether the compliance changes in their apps will extend to countries where EU citizens reside like Kenya. These developments include:
Germany’s competition regulator Bundeskartellamt, announced its intentions to compel Google to give its users more control over information usage and tracking across its subsidiary businesses (YouTube, Maps, Google Search) because:
- The regulator felt that the information given to users on data collection, processing and sharing with third party apps and websites was ambiguous, yet Google uses the data to analyze user habits to create detailed user dossier for advertising and generating algorithms.
- Google has vague settings, with interfaces created to compel users into agreeing to its data processing requirements.
- .
The German’s Competition Act was amended to allow for early intervention by the cartel office where companies, especially tech giants, are seen to have a preeminent significance across markets. As a result, the regulator discovered that Alphabet (Google’s owner) needed to be regulated since it met the regulation threshold set under section 19a of the German’s Competition Act for large digital companies.
Implications
- The giant gets massive revenues from digital advertisements in its Google Ads platform, because of the competitive edge it has based the data collected from the different services it offers. The regulator’s requirement may be a major setback on how Google generates revenue since its business model is heavily reliant on processing users’ personal data.
- The administrative proceedings against Google are still ongoing and could result in: Google making certain commitments on how data will be processed, the regulator prohibiting Google’s practices or, dismissing the case altogether.
- Meta
In a complaint filed by noyb on 25th May 2018, the European Data Protection Board (EDPB) recently declared Meta’s business model illegal. This means that Facebook and Instagram can no longer collect personal data to run behavioral ads without user consent. Meta had by-passed the requirement to get opt-in consent from users for tracking and online advertisement, by adding a provision to its terms and conditions.
The GDPR prohibits the forcing of users into agreeing to have their personal data collected in exchange for a service. However, Meta has been of the view that the GDPR’s contractual necessity exception allows it to collect personal data to meet its terms of service because collecting personal data for behavioral advertising was necessity. This argument was rejected by EDPB.
Implications
- Users are entitled to an app version of Facebook, WhatsApp and Instagram that do not use personal data for advertisement.
- Meta will be required to ask for consent from users through the use of the to opt in prompt (yes/no option), before using personal data for ads.
- Users will be entitled to withdraw their consent for processing of personal data without Meta limiting the service.
- The restriction of unlimited advertising will affect Meta’s profits because of its ad-based business model.
The German regulator’s decision doesn’t have a wider impact as the EDPB’s decision. However, the move by both bodies will impact the companies duopoly over the digital platform which they had dominated for years. Whether Google and Meta will effect app changes across the globe or localize them is something a majority are keen on.