Meta is once again trying to circumvent the GDPR and abuse your personal data - this time for AI.
Our legal action against such breaches of the law is only possible thanks to our 5,195 supporting members.
Find out how you can support our work here:
Everyone hates
#CookieBanners
. That is why noyb issued the largest waive of up to 10,000
#GDPR
complaints to give users a clear yes/no option.
Find out more:
🚨Breaking: Following our complaints from 2018, Meta's business model has been declared illegal in the EU. The EDPB decided that Meta cannot force users to agree to personalized ads.
Read our full statement here:
🚨BREAKING: Following noyb litigation,
@Meta
(Facebook and Instagram) has been prohibited from using personal data for advertisement.
The
#GDPR
decision signals a major blow to Meta's business model in Europe, as Meta faces a € 390 Mio fine.
➡
🔴 We filed a complaint against Google: The Android Advertising Identifier (AAID) allows Google and all apps on the phone to track a user and combine information about online and mobile behaviour.
🌊 This week, noyb launched the second wave of its project against "Dark Patterns" and unlawful cookie banners. The first wave of complaints already brought some improvements - take a look! 👀
📢 After sending a written warning to over 500 companies two months ago, we filed 422 complaints on nerve-wrecking cookie banners today. While 42% of all violations were remedied, 82% of all companies have not fully stopped violating the GDPR:
🚨 noyb has filed a complaint against the ChatGPT creator OpenAI
OpenAI openly admits that it is unable to correct false information about people on ChatGPT. The company cannot even say where the data comes from.
Read all about it here 👇
Being tracked for personalized advertising by Meta– or pay up to €251.88 a year to retain the fundamental right to data protection - noyb files new GDPR complaint against Meta over “Pay or Okay”
Done with boring
#GDPR
compliance paperwork?! 🤨
WE ARE HIRING legal experts in data protection! Get one of the most intersting jobs on
#GDPR
and shape the future of the law! 😀
⏩Apply until this Sunday! ⏪ [Pls RT]
Details >>
🇸🇪 GDPR Rights in Sweden: Court confirms that authority must investigate complaints.
So far, the IMY took the view that users are not a party in procedures concerning their own GDPR rights:
We just filed a GDPR complaint against
@Google
for tracking users through an “Android Advertising ID” without a valid legal basis.
More information this way ⬇️⬇️
🚨 noyb has filed a complaint against Google for tricking Chrome users into ad tracking!
👉 Google's so-called Privacy Sandbox is presented as a privacy feature. But when users enable it, they are unknowingly consenting to online tracking.
More details:
⚠ noyb filed a complaint against the EU Commission
👉 The EU Commission used micro-targeting on X to promote its chat control legislation
👉 This violated the EU GDPR and undermined established democratic procedures between EU institutions
read more:
📢 BREAKING: Austrian Supreme Court asks CJEU if Facebook "undermines" the GDPR by confusing 'consent' with an alleged 'contract'.
If so, they would not only have to stop processing data, but also pay damages to millions!
More here:
🚨 noyb has filed 9 complaints against Twitter/X over unlawful AI training!
👉 The Irish DPC's court action against X didn't address the core violations. It didn't determine legality and leaves many questions unanswered. noyb requests full investigation.
🚨 noyb has filed 11 complaints against Meta to prohibit the abuse of people's personal data for Artificial Intelligence!
👉 We urgently request the data protection authorities to launch an urgency procedure and immediately stop the company's move!
⚠ After five years of litigation by noyb, Meta finally announced that it will ask users for consent before showing them behavioral ads.
We will keep a close eye on whether Meta will actually apply all the consent requirements of the GDPR.
🍏 We filed complaints against Apple's tracking code "IDFA" which allows Apple and all apps on the phone to track a user and combine information about online and mobile behaviour.
⚠ Meta will apparently to move to a "Pay for your Rights" model in the European Union!
EU users would then have to pay $ 168 a year if they don't want to give up their fundamental right to privacy on Facebook and Instagram. This move is inacceptable.
⚠New complaint⚠ Amazon couldn't provide any explaination for automated decision making after denying a customer a specific payment method. Access request revealed numerous additional GDPR violations by Amazon. Find out more here ⏩
🍪Following a first batch of complaints in May 2021, we filed the final round of "One Trust" complaints today. Despite receiving a step-by-step guide on how to be GDPR compliant, 226 websites still used deceptive designs and unlawful cookie banners:
🔊 Yesterday we have field our first round of
#GDPR
complaints on
#ForcedConsent
. This was only possible because of 2.800 supporters - but our intended budget for 2018 is still only 70% funded!
⏩If you want to
#MakePrivacyReal
, think about joining today!
🚨 Thanks to a loophole in Swedish national law, large data brokers can simply obtain a “media licence”, exempting their entire business from the GDPR.
👉 NOYB has now filed a complaint against one data broker to challenge this loophole.
Our first
#GDPR
complaint over invalid consent from May 25th last year has lead to a € 50 Mio fine for
#Google
by the
#CNIL
today! 🥳
⏩ More Information:
⏩ Support our work:
(Preliminary) noyb win:
@Meta
stops using EU/EEA data for "Meta AI" after 11 complaints by noyb and mounting criticism by other EU/EEA data protection authorities! 😀🥂
More:
The DPC welcomes the decision by Meta to pause its plans to train its large language model using public content shared by adults on Facebook and Instagram across the EU/EEA. This decision followed intensive engagement between the DPC and Meta.
Read 👉
📢 Following complaints by noyb, the CNIL officially states that EU-US data transfers via Google Analytics are illegal and orders a French operator to comply:
📢 Irish DPC issues draft decision: In the DPC’s view Facebook can simply choose to include the agreement on data processing in a "contract", which would make the GDPR requirements for "consent" not apply anymore.
Watch our statement here:
🎂GDPR is 3🎂Europe has passed the most progressive privacy legislation in the world, but there is still a lot of work ahead to see true enforcement. Read our interim conclusion to 3 years GDPR here:
"Noyb hat eine Software entwickelt, die rechtswidrige Cookie-Banner erkennt und automatisch Beschwerden generiert. Nach dem Start mit rund 560 großen Website will der Verein bis zu 10.000 der meistbesuchten Websites untersuchen."
💬"Meta was fined a record 1.2 billion euros and ordered to stop transferring data collected from Facebook users in Europe to the United States, in a major ruling against the social media company for violating European Union data protection rules."
🎉noyb win: Following noyb complaints from 2023, the Belgian data protection authority has ordered four major Belgian news sites to bring their cookie banners into GDPR compliance and imposes potential penalty of €50,000 per day per website
Do you own a Fitbit? Then chances are that your personal data is being unlawfully transferred to the US and other countries outside the EU.
We filed three complaints to stop Fitbit from forcing new app users to consent to these transfers.
🚨 EU Commission launches DMA investigation against Meta over "Pay or Okay"!
👉 They suspect that the system breaches the DMA rules on data combination and doesn't give users a real choice.
The EU Commission just presented a "new" "Trans-Atlantic Data Privacy Framework"
#TADPF
with the USA - which is largely a copy of
#PrivacyShield
.
noyb will challenge the decision.
"Bullshit of the Week" brings well-selected absurdities from our daily work directly to your newsfeed. Starting off we would like to share some high-class bullshit that "Clearview AI" treated us to lately. Enjoy! 🤭
❗Breaking: Meta Tracking Tools unlawful
In a groundbreaking decision in one of noybs 101 complaints, the Austrian Data Protection Authority decided that the use of Facebook’s tracking pixel directly violates the GDPR:
Imagine you have to pay for privacy in your own car. If more companies follow Meta's "Pay or Okay" approach, having a choice will become a privilege. We urge the
@EU_EDPB
to oppose "Pay or Okay" in their upcoming decision to protect the right to privacy! ⏩
🚨 The Dutch DPA has fined Clearview AI €30 million for the "illegal data collection for facial recognition"!
👉 Although not related to noyb's own litigation, the decision confirms the arguments we made in previously filed complaints.
⚠ BREAKING: Grindr was fined € 6.34 Mio by
@datatilsynet
following a GDPR complaint by
@Forbrukerradet
and noyb. The LGBTQI dating app had not received valid consent from users, but had been sharing sensitive personal data nonetheless.
➡
⚖ New Decision: Italian DPA fines facial recognition company "Clearview" € 20 million. Clearview must stop scraping images and metadata of people in Italy and delete whatever data was gathered via their facial recognition system. 🎭
⚡️The Swedish Data Protection Authority (IMY) has issued a € 5 million fine against
@Spotify
(based on a
@noybeu
complaint) for
#GDPR
violations. Spotify did not allow users to fully access their own data.
➡️
UPDATE: Irish Supreme Court dismisses
@Facebook
's final attempt to block CJEU case on EU-U.S. data transfers, stating that Facebook could not substantiate its claims (
#QuelleSurprise
).
Hearing in Luxembourg on July 9th 🥳🇪🇺
⏩More:
🚨 GDPR complaint against X (Twitter) over illegal micro-targeting for chat control ads!
The platform unlawfully used the political views and religious beliefs of its users to determine whether they should see an ad campaign from the EU Commission.
⚠Decision: The European Data Protection Supervisor issued a decision confirming that the European Parliament violated data protection law on its COVID testing website. ➡
🚨 noyb has filed a complaint against the ad broker Xandr (a Microsoft subsidiary)!
👉 Despite selling its service as “targeted”, Xandr holds conflicting information about people. As if that weren't enough, Xandr refuses to comply with access requests.
📝 Have you ever wondered how mobile apps are handling your personal data?
Fnac, MyFitnessPal and SeLoger illegally share it with third parties immediatly after opening.
To stop this practice, we filed three complaints against the companies in France.
One Month after
#SchremsII
we have filed 101
#GDPR
complaints on EU controllers continuing to send the data of each webpage visitor to Google US and Facebook US under
#PrivacyShield
or
#SCCs
⏩More:
⏩All Complaints:
#WatchDogs
Ready to crumble!
We all hate annoying, deceptive cookie banners - about time to get rid of them.
#InvestInPrivacy
and become a noyb supporting member today to help us achieve this goal!
➡
Instead of focusing on on the legal matters of the supposedly new EU-US "Data Privacy Framework", EU Commissioner Reynders used his podium on Monday to discredit the work of NGOs like noyb.
We request a rectification and apology
#OpenLetter
Today we published an
#OpenLetter
two years after
#GDPR
, with a special focus on how the
@DPCIreland
is (not) dealing with our complaints and how they engaged with
#Facebook
on bypassing the law via a "contract".
⏩See all details at
noyb filed a criminal report with the Austrian Corruption Prosecutor, following
@DPCIreland
's "procedural blackmail" - demanding
@noybeu
to sign an "NDA" (in DPC's and Facebook's favor) in exchange for our right to be heard. The whole story and a video:
🎉 noyb win: A court has ordered the Spanish DPA to act on a complaint against facial recognition company Clearview.
The DPA had claimed that it isn't competent, despite other EU authorities already having imposed multi-million euro fines.
Summary here:
⚠ noyb filed a second complaint against Meta concerning its "Pay or Okay" system!
Meta not only charges a "privacy fee" from users who don't want to be tracked. It also ignores the users' right to easily withdraw their consent.
More on our website 👇
⚠ € 5,8 million fine against the dating app Grindr has been confirmed by the Norwegian Privacy Appeals Board!
The decision follows a complaint by the Norwegian Consumer Council (NCC) from 2020. noyb assisted the NCC in its legal analysis.
⚠ Three years ago today, we have filed 101 complaints against companies that relied on illegal data transfers to the USA.
📊 A new analysis now shows: Because of inactive DPAs, more than 70 percent of those complaints are still pending today.
"Fences" and "Signs" won't stop NSA surveillance: Austrian Data Protection Authority could fine
@Google
up to €6 billion since they are still transferring data to the US - ignoring two Court of Justice rulings. Read more here:
❗❗The European Commission has committed to examining every large-scale GDPR case, everywhere in Europe. It will measure how long each procedural step in a case is taking, and what the relevant data protection authorities are doing to progress the case:
✈ Ryanair pushes customers to go through an invasive facial recognition process - but only if they're booking through an online travel agent.
⚠ noyb files a complaint against the airline to stop it from "nudging" people into biometric face scans.
(Reuters) As Europe’s new privacy law (
#GDPR
) took effect on Friday, activists wasted no time in asserting the additional rights it gives people over the data that companies want to collect about them. [VIDEO]
Reading the reactions by some industry lawyers on
#SchremsII
, it seems they only got a tiny version of the Charter of Fundamental Rights - we got the massive versions too.. 😉
#PrivacyShield
#SCCs
#GDPR
Within only two months, you have allowed us to fund a whole new non-profit... 😍
Thank you very much for your great support. We will now be able to start with noyb's operational work on May 25th - when the new EU data protection rules ("GDPR") will come into force! 😊
🚨 noyb has filed two complaints against
@Microsoft
for violating children's data protection rights!
👉 The company shifts responsibility for GDPR compliance to local schools...
👉 ...and places tracking cookies without consent
Read all about it here:
💬The
@EU_EDPB
confirmed it has made binding decisions in the three complaints against Meta platforms Facebook, Instagram and WhatsApp: Meta’s ad model will face significant restrictions in the EU:
Meta tried to bypass the consent requirement for tracking and online advertisement by arguing that ads are a part of the "service" that it contractually owes the users. Here is our explanation of what happened 4,5 years ago:
⚖ Contrary to EU law, the Swedish Data Protection Authority (IMY) regularly refuses to properly handle complaints from data subjects.
🚨 noyb is now taking the IMY to court to ensure that it finally complies with its obligations.
While the GDPR was deemed to set the standard for data protection five years ago, many EU member states have developed procedural ways to undermine the GDPR.
We therefore made a "GDPR Trap Map" with many of the national procedural issues to click through:
💬 “It’s interesting to see that the different European Data Protection Authorities all come to the same conclusion: the use of Google Analytics is illegal."🙅♀️
🚨🕵️ Instead of taking criticism from all over Ireland and Europe seriously, the
@DPCIreland
has slipped an Amendment into an Irish bill, that would make talking about
#GDPR
procedures a crime! 🤐
The final vote
@OireachtasNews
is on Wednesday!
⏩More:
The EDPB will soon decide on the future of Meta's “Pay or Okay” system. If it is legitimised, other companies will follow suit.
Privacy cannot become a privilege. We urge the EDPB, together with 28 other NGOs, to defend the right to privacy!
⏩
🍪 In case you missed it: We have published our Consent Banner Report! 🎉
👉 Below is an overview of the different positions taken by national DPAs compared to the recommendations of the EDPB taskforce:
🍪More and more websites have been adding "reject" options to their cookie banners- as foreseen by the GDPR. In 2021, noyb scanned the web for illegal cookie banners and filed more than 700 complaints across Europe. A final scan shows a detailed assessment after 1.5 years: (1)
WOOOHOOOO !!!! 🎉🍾🎆
will be able to start enforcing
#GDPR
on May 25th 2018 - as we just passed our €250k minimal goal! THANKS A LOT! 😍
⏩ For everyone that did not join yet: The €500k goal for "full noyb" is still there! 😉
🎉Happy Data Protection Day!🎉
The GDPR is a strong piece of legislation with, so far, weak enforcement. In an overview of our complaints since 2018, noyb wants to show how that lack of enforcement manifests in individual cases: