EU's Highest Court Says Privacy Activist Can Litigate Against Facebook In Austria, But Not As Part Of A Class Action

from the new-EU-law-will-soon-make-that-possible-anyway dept

Last November we reported on the legal opinion of one of the Advocates General that advises the EU’s top court, the Court of Justice of the European Union (CJEU). It concerned yet another case brought by the data protection activist and lawyer Max Schrems against Facebook, which he claims does not follow EU privacy laws properly. There were two issues: whether Schrems could litigate against Facebook in his home country, Austria, and whether he could join with 25,000 people to bring a class action against the company. The Advocate General said “yes” to the first, and “no” to the second, and in its definitive ruling, the CJEU has agreed with both of those views (pdf). Here’s what Schrems has to say on the judgment (pdf):

The Court of Justice of the European Union (CJEU) confirms that Max Schrems can litigate in Vienna against Facebook for violation of EU privacy rules. Facebook’s attempt to block the privacy lawsuit was not successful.

However, today the CJEU gave a very narrowly definition of the notion of a “consumer” which deprives many consumer from consumer protection and also makes an Austrian-style “class action” impossible.

The rest of his press release gives background details of the case. Schrems explains why being able to bring a class action in Austria is important:

If a multinational knows that they cannot win a case, they try to find reasons so that a case is not admissible, or they try to squeeze a plaintiff out of the case by inflating the costs.. Facebook wanted to ensure that the case can only be heard in Dublin [where its EU headquarters are located], as Ireland does not have any class action and litigating even one model claim would cost millions of Euros in legal fees. In this case we’d have a valid claim, but it would be basically unenforceable.

EU consumer groups agree that an option to bring class actions is needed, as EurActiv reports:

The ECJ’s finding has caused outrage among consumer groups that have campaigned for years for the [European] Commission to propose legislation allowing for EU-level class action lawsuits involving complainants from different member states. They argue that collective redress will make it easier and cheaper for consumer to sue.

The same articles notes that Schrems and the consumer groups may soon get their wish: the European Commission is expected to unveil proposals for a new law that will allow collective redress to be sought across the EU. Even if that does happen, it’s likely to take years to implement. Before then, Facebook has many other problems it needs to confront. First, there is Schrem’s personal suit against the company, which can now proceed in the Austrian courts. As he points out:

Facing a lawsuit, which questions Facebook’s business model, is a huge risk for the company. Any judgement in Austria is directly enforceable at Facebook’s Irish headquarter and throughout Europe.

That is, if Schrems wins his case, other EU citizens will be able to use the judgment to sue Facebook more easily. And Facebook may have headed off the threat of a class action under existing law, but the EU’s new General Data Protection Regulation (GDPR), which will be enforced from May of this year, explicitly allows non-profit organizations to sue on the behalf of individuals. Article 80 of the GDPR says:

The data subject shall have the right to mandate a not-for-profit body, organisation or association which has been properly constituted in accordance with the law of a Member State, has statutory objectives which are in the public interest, and is active in the field of the protection of data subjects’ rights and freedoms with regard to the protection of their personal data to lodge the complaint on his or her behalf

With that in mind, Schrems is crowdfunding just such a public interest, not-for-profit body, None of Your Business (noyb), which Techdirt discussed in December. At the time of writing, noyb is within a few percent of achieving its goal of €250,000. Facebook is naturally well-aware of the GDPR’s likely impact. The company’s Chief Operating Officer Sheryl Sandberg said recently:

We’re rolling out a new privacy center globally that will put the core privacy settings for Facebook in one place and make it much easier for people to manage their data

Satisfying the requirements of the GDPR is not the only looming problem for Facebook. In Germany, the company is facing what is potentially an even more serious challenge, as the FT reports (paywall):

Germany is threatening curbs on how Facebook amasses data from millions of users in what would be an unprecedented intervention in the social network’s business model.

Andreas Mundt, head of Germany’s main antitrust agency, the Federal Cartel Office, said Facebook could be banned from collecting and processing third-party user data as one possible outcome of an investigation that in December concluded the US technology group was abusing its dominant market position.

If Germany goes ahead with these plans, it will drastically reduce the scope for Facebook to make money by using consolidated data about its users to sell advertising space, and may well encourage other EU nations to follow suit.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , ,
Companies: facebook

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “EU's Highest Court Says Privacy Activist Can Litigate Against Facebook In Austria, But Not As Part Of A Class Action”

Subscribe: RSS Leave a comment
4 Comments
orbitalinsertion (profile) says:

_Facebook could be banned from collecting and processing third-party user data as one possible outcome of an investigation that in December concluded the US technology group was abusing its dominant market position. _

How about _everyone_ stop doing it. You can show us as many crappy ads as you like (if we don’t block your insane number of domains, scipts, and ads loading on your pages). Don’t datamine us.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »