The GDPR took effect on Friday along with a second law, the Data Protection Directive, which deals with the way EU law enforcement authorities handle citizens' data.
Austrian lawyer Max Schrems has also filed a complaint against Facebook, and its subsidiaries Instagram and WhatsApp, making a similar allegation and seeking €3.9 billion (US$4.5 billion), according to The Verge.
The basis for his complaints is that though the companies have made changes to their privacy policies to meet the requirements of the GDPR, the new policies amount to an all-or-nothing offer.
Legal expert Rashda Rana, a senior counsel in the UK, told iTWire before the legislation came into force that it required businesses to protect personal data and privacy of EU citizens for transactions that occur within EU member states.
Plus, it also regulates the export of personal data outside the EU. The GDPR’s overall aim is to give European residents greater control and visibility over their personal data, thereby also strengthening data protection.
The GDPR states that those who are covered by it should be able to pick and choose parts of a policy to which they want to agree.
Schrems' argument is that neither Google nor Facebook offer users this fine-grained control over what happens to their personal data.
He told the Financial Times: “They totally know that it’s going to be a violation. They don’t even try to hide it.”
Schrems' complaints were made to data protection authorities in EU states other than Ireland and will be forwarded to the Irish Data Protection Authority as both Google and Facebook have the EU head offices in Dublin.
The Austrian activist has set up a privacy lobby group called None of Your Business to file the complaints.
His complaint against Google relates to the company's Android mobile operating system which, he claims, bounces a user into the Google ecosystem, an act he claims is a breach of the informed consent stipulation of the GDPR.
Schrems has in the past made complaints against Facebook in 2011, 2013 and 2014. In 2015, he obtained a ruling from the European Union's Court of Justice knocking down a safe harbour provision that permitted companies to move personal data from the EU to the US.