Apple and Amazon are among eight tech firms named in a complaint filed in Austria by non-profit organization NOYB, which cited their failure to comply with the European Union’s General Data Protection Regulation (GDPR).
The action by NOYB, chaired by data privacy activist Max Schrems, also named Netflix, Spotify and Alphabet’s YouTube in the action, after it tested them by requesting private data the companies hold about the user.
“No service fully complied,” NOYB said in its statement.
The GDPR, implemented in May, gives users the right to access their data and information about the sources and recipients of the data. Social networks must regain Europeans’ consent every time they want to use their data in new ways, including for targeted advertising.
The GDPR foresees fines of up to 4 percent of global revenues for companies that break the rules.
NOYB said it filed its complaints with the Austrian authority on behalf of 10 users. The Austrian watchdog would have to work with its counterparts at the streaming services’ main establishments.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” Schrems said. “This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”
Schrems is a veteran privacy campaigner who took his first legal action against Facebook as a student in 2011.
Now a lawyer, Schrems filed complaints last year against Google, Facebook, Instagram and WhatsApp, arguing they were acting illegally by forcing users to accept intrusive terms of service or lose access. Facebook owns Instagram and WhatsApp.
CNBC’s Anjali Robins contributed to this report.