On January 18th, the Austrian NGO noyb filed ten strategic complaints with the Austrian data protection authority against 8 companies for violations of Article 15 of the GDPR on the right to access.
These complaints follow from a test conducted by noyb which revealed structural violations of this right by most streaming services, including Amazon, Apple, DAZN Spotify and Netflix. According to noyb, “while many smaller companies manually respond to GDPR requests, larger services like YouTube, Apple, Spotify or Amazon built automated systems that claim to provide the relevant information. When tested, none of these systems provided the user with all relevant data.”
Based on the access request made to these companies, the NGO often received basic but incomprehensible raw data or incomplete information. In two cases, the requests were ignored despite clear obligation under Article 12 of the GDPR to respond to such request within one month, to the very least to explain why access may not be granted.
noyb has filled complaints with he Austrian authority which will have to cooperate within the European Data Protection Board with the relevant authorities at the main establishment of each streaming service. As GDPR foresees € 20 million or 4% of the worldwide turnover as maximum fine for potential violations of data subject’s rights such as the right to access, the theoretical amount of the maximum fine across the 10 complaints could reach € 18.8 billion.
More information on noyb’s test and all complaints can be found here.
Provided by Access Now.