An Austrian privacy nonprofit has brought formal complaints against eight companies, including Amazon.com and Netflix, over alleged General Data Protection Regulation violations.

Data privacy organization Noyb announced Friday that it filed a series of complaints with the  Austrian Data Protection Authority against major tech companies who it alleged are not in compliance with GDPR's Article 15, which outlines European Union residents' “right to access” their personal data from processors.

“A test by noyb shows structural violations of most streaming services,” the organization said in a press release. “In more than 10 test cases noyb was able to identify violations of Article 15 GDPR in many shapes and forms by companies like Amazon, Apple, DAZN, Spotify or Netflix. noyb filed 10 strategic complaints against 8 companies today.”

Noyb said it tested eight streaming services: Amazon Prime, Apple Music, DAZN, Flimmit, Netflix, SoundCloud, Spotify and YouTube and found none in total compliance with GDPR Article 15.

Smaller services such as DAZN and SoundCloud didn't respond to Noyb's requests to retrieve test users' personal data, according to the organization. All of the other services responded, but Noyb said they did not provide adequate background information on data storage and its sources and recipients.

“Many services set up automated systems to respond to access requests, but they often don't even remotely provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about who this data was shared with,” said Max Schrems, the director of Noyb, in Friday's release. “This leads to structural violations of users' rights, as these systems are built to withhold the relevant information.”

Noyb said it filed a total of 10 complaints on behalf of 10 users Friday. GDPR's maximum fine for violations can be as high as 4 percent of global revenue or 20 million euros ($22.8 million), whichever is higher.

Apple Music, DAZN, Flimmit, SoundCloud and YouTube did not immediately respond to requests for comment. An Amazon representative said in a statement that protecting customer privacy is “always a top priority and has been built into our services for years.”

“We comply with any request from a data subject to provide access to the personal data that Amazon is processing,” the representative said.

Representatives from Netflix and Spotify offered similar statements.

“Privacy and data protection are core to Netflix, and we comply with the GDPR. We have not yet formally received the complaint,” said a representative from the Los Gatos, California-based company.

In an email Friday, Spotify's representative said the company “takes data privacy and our obligations to users extremely seriously. We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant.”

Read More: