GDPR: Google and Facebook face up to $9.3B in fines on first day of new privacy law

An Austrian privacy group is wasting no time.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture | Video Games | Breaking News
Sean Keane
2 min read
Social Media on Portable Devices

Facebook is among the first companies to be hit with a complaint under new EU privacy laws.


Google, Facebook, Instagram and WhatsApp have been hit with privacy complaints within hours of GDPR taking effect Friday -- complaints that could carry fines of up to $9.3 billion in total.

Privacy-advocacy group Noyb.eu said the four companies are forcing people to adopt a "take it or leave it" approach with regard to  privacy  -- essentially demanding that users submit to intrusive terms of service. 

The Noyb group is run by Austrian data privacy activist Max Schrems, who compared that choice to a "North Korean election process."     

"Tons of 'consent boxes' popped up online or in applications, often combined with a threat, that the service cannot longer be used if user[s] do not consent," his group said in a statement.

Noyb is asking regulators in France, Belgium, Hamburg and Austria to fine the companies up to the maximum 4 percent of their annual revenue that the GDPR rules allow, which could potentially add up to a $4.88 billion fine for Google parent company Alphabet and $1.63 billion for each of Facebook, and its Instagram and WhatsApp services. That's only if European regulators agree with Noyb.eu and decide to fine the companies the full amount, though. 

Watch this: GDPR: Here's what you need to know

GDPR, short for General Data Protection Regulation, is designed to give citizens of the European Union greater control over how their information is used online. It kicked in Friday after a two-year transitional period, and its effect was immediate. Europeans, for example, were blocked from several US news outlets Friday as a result of the regulation.

Google  has said it's taken key steps to ensure compliance ahead of the new law.

"We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation," a Google spokesperson said in a statement, which also noted its blog post on GDPR.

Facebook , which owns Instagram and WhatsApp, said the company has been working to meet the requirements of  GDPR .

"Over the last 18 months, we have taken steps to update our products, policies and processes to provide users with meaningful data transparency and control across all the services that we provide in the EU," Erin Egan, Facebook's chief privacy officer, said in an emailed statement.

First published May 25 at 6:16 a.m. PT.
Update at 11:04 a.m. PT: Adds details about the size of any potential fines.