That didn't take long.
Within hours of the General Data Protection Regulation (GDPR) going into effect today, a privacy group accused Facebook (FB), Alphabet (GOOGL)'s Google, WhatsApp, and Instagram of violating Europe's strict new data-protection law.
Austrian lawyer Max Schrems, a frequent critic of Facebook's privacy policies, on Friday filed complaints that claim the companies forced members to consent to terms of service with a "take it or leave it" threat.
"Tons of 'consent boxes' popped up online or in applications, often combined with a threat, that the service cannot longer be used if user(s) do not consent," Schrems’ nonprofit organization, NOYB, said in a statement.
The complaints could result in fines of more than $8 billion.
GDPR requires firms gain consent from customers to use their data, as well as give them the option to review and delete data stored on them. Violators face penalties of 20 million euros or 4% of world revenue, whichever is higher.
In separate statements, Facebook—which owns Instagram and WhatsApp—and Google said they have taken steps to meet GDPR guidelines.
What they didn't say, but legal experts and tech insiders will, is that business heavyweights like Facebook and Google are far better positioned to cope with GDPR and other regulations.
"Regulation, in general, favors incumbents, who have the expertise and finances, compared with smaller competitors," Peter Reinhardt, CEO of customer-data platform Segment, tells Barron's. He points to the growing reluctance of major brands to use data-management platforms, where customer-level data is gathered, analyzed, and deployed.
"Facebook and Google have the resources to comply, but this is a reminder to ad-tech companies to get their tech house in order," Reinhardt says, alluding to the number of companies that were at risk of failing to meet today's deadline.
Some 60% of 531 information-technology, cybersecurity, and compliance experts worldwide surveyed said companies were at risk of missing the GDPR deadline, according to cloud-security firm Alert Logic and Crowd Research Partners.
By putting a stake into the ground with its headline-grabbing complaints, NOYB highlighted the fact that the companies who should be sweating over GDPR recriminations are several magnitudes smaller than Google and Facebook.
Sign up to Review & Preview, a new daily email from Barron’s. Every evening we’ll review the news that moved markets during the day and look ahead to what it means for your portfolio in the morning.
