Giovanni Buttarelli, the European Data Protection Supervisor, told Business Insider that he has concerns about the way some firms have approached the General Data Protection Regulation (GDPR), which came into force on Friday.
He did not single out any companies, but the likes of Facebook, Google, and Twitter have all asked users to consent to new terms in recent weeks.
Buttarelli said his office will examine the "tech giants'" take-it-or-leave-it approach to data consent, which he said in some cases amounts to a "blackmailing" of users because if they don't agree, they will be kicked off the platform.
The consent issue is already the subject of a GDPR complaint by Austrian data activist Max Schrems. On Friday, Schrems filed claims against Facebook, Google, Instagram, and WhatsApp, which he said are trying to "force you to consent" to their new privacy policies. If successful, it could result in fines of billions of dollars.
"We know there are a lot of pages drafted in legalese, in a defence mode. There are some sentences that may be arguable and controversial," Buttarelli said of his early assessments of companies' updated terms, suggesting there could be some merit in Schrems' complaints.
Buttarelli is responsible for helping enforce data protection laws across the EU. His office works with European member states to help them interpret regulation and protect consumers.
He continued: "Is it really free and not detrimental [to take] the approach where you say: 'This is what you should accept. There is no alternative. Otherwise, you are out of the service.'"
"That's a big point we have to analyse. The processing of data should be fair and not only connected to a legal base, to be freely chosen by the data controller ...
"Consent was and will remain one of the requisites to process personal data, not necessarily the only one, but the main one. According to the GDPR, where indispensable, where requested, the consent should be more genuine, more transparent, more specific, more informed, more rebukable."
Buttarelli said he hopes that GDPR eventually means that big tech companies take a more serious and fair approach to privacy.
"Not only ticking boxes, but having a continuous and revolutionary approach to privacy. Embedding data protection into the day-to-day life of every single company. And being more accessible and transparent with the users," he explained.
Facebook, which owns Instagram and WhatsApp, told Reuters that it has worked for 18 months to be compliant with GDPR. Eric Schmidt, a board member at Google's parent company Alphabet, told the VivaTech conference in France on Friday: "The GDPR is the law of the land and we have fully complied with it."