U.S.A
Several major technology companies have faced scrutiny and legal actions for misleading practices related to data collection and user privacy. Here are some notable instances:
1. Facebook’s Misleading Data Practices and Regulatory Actions:
- FTC’s $5 Billion Penalty (2019): The Federal Trade Commission (FTC) imposed a $5 billion fine on Facebook for violating a 2012 order by misleading users about their ability to control the privacy of their personal information. Despite user privacy settings, Facebook shared data with third-party app developers, contradicting its assurances to users. ftc.gov
- South Korea’s Fine for Unauthorized Data Collection (2024): South Korea’s Personal Information Protection Commission fined Meta (Facebook’s parent company) $15 million for illegally collecting and sharing sensitive personal information from users without explicit consent between July 2018 and March 2022.
2. Google’s Misleading Location Data Practices:
- Australian Federal Court Ruling (2021): Australia’s federal court found that Google misled consumers about personal location data collection through Android devices. Users were led to believe that turning off ”Location History” settings would stop data collection, while another setting, ”Web & App Activity,” continued to collect location data. reuters.com
3. Use of Dark Patterns to Manipulate User Consent:
- Norwegian Consumer Council Report (2018): A report titled ”Deceived by Design” accused companies like Facebook, Google, and Microsoft of using deceptive user interface designs, known as ”dark patterns,” to nudge users toward sharing more personal data. These designs made it difficult for users to opt out of data collection, undermining informed consent. Wikipedia+1Fortune+1
4. PRISM Surveillance Program Involvement:
- Collaboration with NSA (Revealed in 2013): The PRISM program, disclosed by Edward Snowden, revealed that companies like Microsoft, Google, and Facebook provided the National Security Agency (NSA) with direct access to user data, including emails and video chats, without users’ knowledge. This raised significant concerns about user privacy and the extent of corporate cooperation with government surveillance. Wikipedia
5. Unauthorized Data Sharing with Advertisers:
- Meta’s Data Sharing Practices (2025): Investigations revealed that gambling websites tracked and shared user data with Facebook without explicit consent. Approximately one-third of 150 analyzed gambling sites embedded Meta Pixel, automatically sharing data with Meta upon webpage loading, leading to targeted gambling ads on Facebook despite users not consenting to data sharing. The Guardian
6. Misleading Users About Data Collection Practices:
- Google’s Use of Dark Patterns (2018): The Norwegian Consumer Council reported that Google used deceptive design patterns to manipulate users into enabling location tracking, making it challenging for users to opt out. Fortune
These instances highlight the ongoing challenges in ensuring transparency and user consent in data collection practices among major tech companies.
Europe
Several major technology companies have faced scrutiny and legal actions in Europe for misleading data collection practices and violations of data protection regulations. Notable instances include:
1. Meta Platforms (formerly Facebook):
- Record GDPR Fine for Data Transfers (2025): In January 2025, Meta was fined €1.2 billion by the Irish Data Protection Commission (DPC) for unlawfully transferring personal data from the European Union to the United States, violating the General Data Protection Regulation (GDPR). This fine is one of the largest imposed under GDPR to date. Wikipedia+1CSO Online+1
- Unauthorized Data Collection Allegations (2024): European consumer rights groups accused Meta of conducting a ”massive” and ”illegal” operation of collecting user data without proper consent, leading to further investigations into its data processing practices. cnn.com
2. LinkedIn:
- €310 Million Fine for Data Privacy Violations (2024): In October 2024, the Irish DPC fined LinkedIn €310 million for breaching the EU’s data privacy regulations. The investigation revealed that LinkedIn lacked a lawful basis for collecting users’ personal data for targeted advertising, violating principles of lawfulness, fairness, and transparency. apnews.com
3. Uber:
- €290 Million Fine for Unlawful Data Transfers (2024): Uber was fined €290 million by the Dutch Data Protection Authority for transferring personal data of European drivers to the U.S. without sufficient safeguards, violating GDPR. The data included sensitive information such as account details, location data, and payment information. Investopedia
4. Apple:
- Antitrust Investigation Over Privacy Tool (2025): Apple faces a potential antitrust fine from French regulators due to its App Tracking Transparency (ATT) tool. The ATT feature allows iPhone users to choose which apps can track their activity, significantly impacting digital advertising and mobile gaming companies. Regulators are concerned that Apple’s practices might be abusive, discriminatory, and non-transparent regarding user data for advertising. reuters.com
5. NOYB’s Actions Against Tech Companies:
- Complaints Against Google, Instagram, WhatsApp, and Facebook (2018): The non-profit organization NOYB filed complaints against these companies for their use of ”forced consent,” alleging violations of GDPR by not presenting opt-ins for data processing consent on an individualized basis and requiring users to consent to all data processing activities or be forbidden from using the services. Wikipedia+1Wikipedia+1
These cases underscore the ongoing challenges and regulatory efforts in Europe to ensure transparency and user consent in data collection practices among major tech companies.