SHARE
COPY LINK

PRIVACY

Austrian activist told he can’t bring class action case against Facebook

Austrian activist Max Schrems cannot bring a class action against Facebook for privacy breaches, although he is allowed to sue the US social media giant on a personal basis, the adviser to the EU's top court said on Tuesday.

Austrian activist told he can't bring class action case against Facebook
Max Schrems pictured at a courthouse in Vienna in 2015. Photo: AFP

Schrems had lodged cases in an Austrian court on behalf of seven other users in Austria, Germany and India against Facebook's Irish division for various alleged rights violations involving personal data.

Facebook had argued that people can only sue as individual consumers, not as groups — and moreover that Schrems's professional activities on his account meant he was no longer a private consumer in any case.

The advocate general to the European Court of Justice, Michal Bobek, said in a legal opinion that Schrems “may be able to rely on his consumer status in order to sue Facebook Ireland before the Austrian courts.”

“However, Mr Schrems cannot rely on his consumer status with respect to claims assigned to him by other consumers.”

The EU advocate general's legal opinions are often, but not always, followed by the ECJ's judges in their final decisions.

Austria's Supreme Court had referred the matter to the ECJ after Schrems's lawsuit was first thrown out and then restored by the country's courts.

'Emotional horror stories' 

Class actions in the EU would mean litigants could effectively shop around the bloc for the “more favourable courts”, lower costs or better legal aid, potentially overburdening some countries, the advocate general added.

The adviser also urged the EU to set up a better system for class action lawsuits in future.

Facebook welcomed the findings on the collective lawsuit.

“Today's opinion supports the decisions of two courts that Mr Schrems's claims cannot proceed as 'class action' on behalf of other consumers in Austrian courts,” a Facebook spokesman said in a statement to AFP.

Schrems said the findings were “unfortunately hard to understand,” saying that there had been other examples of joint cases that had been allowed to go ahead in the EU.

“It seems that Facebook has managed to score with their emotional horror stories, according to which collective actions by consumers are highly questionable,” he said in a statement.

“From a purely legal point of view, I have a hard time to follow the arguments by the advocate general.”

Schrems single-handedly brought down the EU's former “Safe Harbour” data sharing arrangement in 2015 after he sued Facebook in Ireland over the transfer of personal information by Facebook from Europe to the United States.

The ECJ ruled the 16-year-old deal was illegal after Schrems cited US snooping practices exposed by former US intelligence contractor Edward Snowden.

Schrems is now suing Ireland's data protection regulator over the issue in a separate case being considered by the ECJ.

 

PRIVACY

How Austrian privacy activists are taking on tech giant Google

Austrian online privacy activist Max Schrems has taken on a new battle: taking Google to task for the "illegal" tracking code on its Android mobile phones.

How Austrian privacy activists are taking on tech giant Google
Google headquarters in the rain. Photo: TOLGA AKMEN / AFP

The action against Google is the latest in what Schrems, 33, describes as “David versus Goliath” struggles against the internet’s giants.

Leading a team of seasoned lawyers at his privacy campaign group NOYB (None Of Your Business), the relaxed and affable Schrems tells AFP he is motivated simply by the fact that companies that dominate the internet “make profits from violating the laws”.

READ MORE: Eight weird and wonderful Austrian place names

NOYB was set up in 2018, at the same time as the European Union implemented its landmark General Data Protection Regulation (GDPR), legislation aimed at making it simpler for people to control how companies use their personal information.

The handful of employees at NOYB are currently pursuing no fewer than 150 complaints in various jurisdictions.

“Ideally we should not exist,” says Schrems, pointing to publicly funded watchdogs that ought to be keeping companies in line.

“The problem is that in many member states that is not properly done,” he adds. He cites the example of Ireland, where numerous multinationals have their European headquarters.

That means around 4,000 complaints are filed with the Irish authorities every year but according to Schrems “this year they plan to have six to seven decisions.”

That means that “99.9 percent of the cases… are simply taken and thrown in the trash can”.

“That is a fundamental problem we have in Europe, we are very good at passing laws and praising ourselves about… how great we are at human rights, but we are actually not very good at enforcing it,” he says.

‘Wilful’ rule-breaking 

The latest complaint against Google has been filed with the CNIL, France’s data protection authority.

At the same time, NOYB has an active complaint against Apple over a similar tracking code issue, despite Apple’s stated intention to update its operating system later this year to force app developers to ask users’ permission before tracking their activities across other companies’ apps and websites.

A decade after Schrems tackled his first cases, his outrage at the opaque workings of internet giants has not dimmed, in particular at what he terms “wilful” rule-breaking.

“If no one follows the rule and gets away with it, then why even bother having a democratic process in the first place?” he asks.

He laments the tendency for groups such as the internet’s “Big Four” — Google, Facebook, Amazon and Apple — to engage in “responsibility shifting” to users by introducing new and often bewildering layers of privacy settings.

For example, “Facebook regularly puts out a hundred more buttons with options and then they present it as more privacy for the user, whereas in reality no one in the world is going to click on these buttons,” he says. 

‘Anti-Zuckerberg’? 

In the context of a debate that has sprung up in relation to coronavirus contact tracing apps, Schrems said he was surprised at the widespread concern over the apps’ privacy implications — despite many of them being well designed in this respect.

“It is a bit strange to think that people trust Google with all their data, but they wouldn’t trust their health ministry,” he says.

Alongside his current legal battles, Schrems is also keeping an eye on talks between the EU and the United States on the thorny matter of data transfers.

He has won two of his most famous legal victories in relation to that issue: in 2020 one of his complaints led the EU’s top court to strike down an online data arrangement known as “Privacy Shield” between Europe and the US.

In 2015, another case brought by Schrems scuppered a previous EU-US deal on which tech giants depended to do business.

What are the chances of a replacement deal that won’t meet a similar fate?

Schrems expects “a half-half solution” that will lead to “Schrems 3,4,5” being thrashed out in the courts, adding: “It’s kind of weird to have your name on a case.”

He strikes a modest tone when reflecting on the way he has become something of a poster boy for online privacy, the “anti-Zuckerberg”.

“You need a David versus Goliath and so on, so I accepted to be that David for the sake of having stories on it,” he says.

In the same way that “you need a Greta Thunberg to have a face on climate change because it’s a very abstract debate… I may sometimes be the face of that privacy debate,” he says.

SHOW COMMENTS