In case you were wondering about who has jurisdiction to hear cases based on a model EU’s General Data Protection Regulation (GDPR) lawsuit – Austria’s Supreme Court has decided it is “everyone.”
NOYB, the Vienna-based European Center for Digital Rights, is reporting about this on its blog.
The non-profit’s co-founded by privacy activist Max Schrems was behind the attempt to sue in Austria on GDPR grounds.
Facebook argued that the Irish Data Protection Commissioner was the one with jurisdiction in the case – but this stance was also upheld by the Vienna Regional Court, while the Supreme court made a ruling to the contrary.
Double your web browsing speed with today's sponsor. Get Brave.
Schrems, whose group’s goal is “to hold companies accountable and make privacy real,” previously sued Facebook Ireland over the practice of transferring EU citizens’ personal data to the United States without their consent and contrary to the GDPR – which will now be heard before the European Court of Justice (ECJ). That case before the ECJ, dubbed as being “landmark” will proceed despite Facebook’s best efforts to stop it.
Reuters said that if ECJ’s decision outlawing the current practices would hit thousands of companies, “including human resources databases, credit card transactions and storage of internet browsing histories.”
Before all this, the court in Ireland found that the US was a country without inadequate private data protections compared to the EU, making those data transfers highly worrisome.
In his comments, Schrems was optimistic that even a partial victory in the case would force Facebook to do nothing less than “adapt its business model” to a “considerable degree.
Although the goal of the suit was reportedly to bring Facebook in line with the GDPR – legislation that is now a year old – Schrems said that the effort went on and was being hampered by Facebook for five years total and that he hoped for a quick resolution after the latest Austrian decision.
While at it, the Austrian Supreme Court also ruled against “national alterations” of the GDPR – and against any attempt to limit rights using the country’s law.
Facebook’s privacy woes have only grown since Edward Snowden’s 2013 revelations about the extent of privacy violations, and recently since it emerged the tech giant had a sharing arrangement that included data of millions of users with Cambridge Analytica.