Data rights nonprofit NOYB fired off its first complaints under Europe’s flagship data regulation, GDPR, on May 25, 2018, the day GDPR came into force. The complaints allege Google, WhatsApp, Facebook, and Instagram forced people into giving up their data without obtaining proper consent. Four years later, NOYB is still waiting for final decisions to be made. And it’s not the only one.
Since the General Data Protection Regulation went into effect, data regulators tasked with enforcing the law have struggled to act quickly on complaints against Big Tech firms and the murky online advertising industry, with scores of cases still outstanding. While GDPR has immeasurably improved the privacy rights of millions inside and outside of Europe, it hasn’t stamped out the worst problems: Data brokers are still stockpiling your information and selling it, and the online advertising industry remains littered with potential abuses.