The survey, conducted by Schrems’ digital rights group NOYB - short for None of Your Business - covered 33 companies. Most were American, but some were based in the EU and Britain.
Exercising the right of customers to ask companies how their data is handled under the EU’s General Data Protection Regulation (GDPR), the survey drew a mixed bag of responses - some firms did not respond and others gave misleading answers.
“The responses ranged from detailed explanations, to admissions that these companies have no clue what is happening, to shockingly aggressive denials of the law”, said Schrems.
NOYB said that rental platform AirBnB, streaming service Netflix and Facebook chat app WhatsApp didn’t reply, while other companies referred to privacy policies that did not address the questions asked.
Business collaboration platform Slack said it would not “voluntarily” pass on user data to the U.S. authorities, failing to address concerns that Washington has the legal power to conduct targeted surveillance of non-US citizens overseas.
“Overall, we were astonished by how many companies were unable to provide little more than a boilerplate answer”, said Schrems.
“The companies that did provide answers largely are simply not complying with the CJEU judgment. It seems that most of the industry still does not have a plan as to how to move forward.”