Netflix, Spotify & YouTube: Οκτώ στρατηγικές καταγγελίες που κατατέθηκαν στο "Δικαίωμα πρόσβασης"

Οκτ 08, 2019

Γρήγοροι σύνδεσμοι:

Δελτία Τύπου ( PDF ) & Δωρεάν Γραφικά, Έγγραφα και Εικόνες ( ZIP )

Online-Οδηγός: Πώς να κάνετε μια αίτηση πρόσβασης; ( Σύνδεσμος )

Αντιγραφή παραπόνων ( Link )

Δικαίωμα πρόσβασης. Σύμφωνα με τον νέο Κανονισμό Γενικής Προστασίας Δεδομένων ("GDPR"), οι χρήστες απολαμβάνουν "δικαίωμα πρόσβασης". Οι χρήστες έχουν το δικαίωμα να λάβουν αντίγραφο όλων των πρώτων δεδομένων που κατέχει μια εταιρεία σχετικά με το χρήστη, καθώς και πρόσθετες πληροφορίες σχετικά με τις πηγές και τους παραλήπτες των δεδομένων, τον σκοπό για τον οποίο επεξεργάζονται τα δεδομένα ή πληροφορίες για τις χώρες στις οποίες τα δεδομένα αποθηκεύονται και για πόσο διάστημα αποθηκεύονται. Αυτό το "δικαίωμα πρόσβασης" κατοχυρώνεται στο άρθρο 15 του GDPR και στο άρθρο 8 παράγραφος 2 του Χάρτη Θεμελιωδών Δικαιωμάτων.

Οκτώ από τις οκτώ παραβιάσεις. η noyb (ένας ευρωπαϊκός μη κερδοσκοπικός οργανισμός για την επιβολή της προστασίας της ιδιωτικής ζωής) έχει δοκιμάσει το νόμο και οκτώ υπηρεσίες online streaming από οκτώ χώρες - αλλά καμία υπηρεσία δεν συμμορφώθηκε πλήρως. Σε οκτώ από τις οκτώ περιπτώσεις, η noyb υπέβαλε σήμερα επίσημες καταγγελίες στις αρμόδιες αρχές προστασίας δεδομένων. Όλοι οι μεγάλοι πάροχοι ασχολούνται ακόμη και με την «διαρθρωτική παραβίαση» του νόμου, λέει ο Max Schrems, διευθυντής του noyb.

Structural Violations. While many smaller companies manually respond to GDPR requests, larger services like YouTube, Apple, Spotify or Amazon built automated systems that claim to provide the relevant information. When tested, none of these systems provided the user with all relevant data.

Max Schrems, director of noyb: “Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

DAZN and SoundCloud simply ignored the request. While all other streaming services have provided some response to the request of users to access their data at least, the UK sports streaming service “DAZN” and the German music streaming service SoundCloud have not even responded.

Missing Information & Incomprehensible Raw Data. The rest of the streaming services provided at least some raw data in response to the access requests. However, these responses were lacking background information, such as the sources and recipients of data or on how long data is actually stored (“retention period”). In many cases, the raw data was provided in cryptic formats that made it extremely hard or even impossible for an average user to understand the information. In many cases certain types of raw data were also missing.

10 Complaints filed today. noyb has filed complaints with the Austrian Data Protection Authority ( against 8 companies, on behalf of 10 users today. The Austrian authority will have to cooperate with the relevant authorities at the main establishment of each streaming service. As GDPR foresees € 20 million or 4% of the worldwide turnover as a penalty, the theoretical maximum penalty across the 10 complaints could be  € 18.8 billion.

Transparency is a Corner Stone. The right of access is a cornerstone of the data protection framework. Only when users can get an idea of how and why their data is stored or shared they can realistically uncover violations of GDPR and consequently take action.

Everyone can make a request. Every user has the right to get a copy of his or her data and to receive additional information. Usually users can fill out a form or send an email to most services. noyb has collected the links and forms for major streaming services on its webpage for everyone to use.

noyb gets privacy on your phone. Article 80 of the GDPR foresees that data subjects can be represented by a non-profit association, as individual users are usually unable to file the relevant legal complaints. In this case all ten users are represented by the non-profit organization noyb. Schrems: “noyb is meant to reasonably enforce the new law, so that the benefits actually reach the users.”

Funding still on the way. So far, is funded by over 3,100 individual supporting members and sponsors (for example, or the City of Vienna). In order to finance the fight against data breaches in the long term, the association is looking for more supporting members. So far, the budget for 2018 is only 75% funded. Schrems: “In 1995 the EU already passed data protection laws, but they were simply ignored by the big players. We now have to make sure this does not happen again with GDPR – so far many companies only seem to be superficially compliant.”




Our work is made possible by more than 3.100 supporting members – any maybe you?