Facebook must face privacy lawsuit in Austria, EU court rules

Facebook must face privacy lawsuit in Austria, EU court rules

But plaintiff Max Schrems must stand alone, as the court has ruled out the option of a class action


Facebook must defend its privacy policy against a consumer lawsuit in an Austrian court, the European Union’s highest court has ruled. Its judgement has consequences for all businesses handling the personal information of consumers in the EU. 

The lawsuit concerns claims by Austrian resident Max Schrems that Facebook infringed data-protection laws regarding his private Facebook account, and those of seven other users who assigned him their claims, creating a sort of class action.

Facebook makes its money by targeting advertising at its users based on their age, gender, location, interests, and behaviors. In the third quarter of 2017 it made over US$10 billion in revenue, 88 percent of it from mobile users.

The company had argued that the Austrian courts did not have jurisdiction over Schrems’ claims because he had acted as a professional, not a consumer, using Facebook to promote his book and lectures on data protection. EU law allows consumers, in certain circumstances, choose the forum for litigation, for example to sue businesses in their home country rather than where the company has its registered office.

The dispute over jurisdiction went all the way to Austria’s Supreme Court, which referred the question of Schrems’ status as a consumer to the Court of Justice of the European Union.

If the CJEU had followed Facebook’s reasoning, it would have been forced to conclude that Schrems had forfeited the right to consumer forum, and would have to sue Facebook in Ireland, where the subsidiary through which it makes contracts with EU users, Facebook Europe, is based.

On Thursday the court concluded that Schrems’ use of his Facebook account is that of a consumer, as he uses a separate Facebook page for his professional activities.

However, it rejected the notion that others could benefit from his consumer status to join his Austrian lawsuit. They will have to file their own lawsuits, it concluded.

This means Facebook will have to face Schrems’ accusations of breaches of data protection rules in the Austrian courts -- but he and 25,000 other Facebook users from Austria and elsewhere who had assigned him their claims will not be able to pool their resources in attacking the social networking behemoth.

The CJEU’s ruling will be more comforting for businesses, now less likely to face consumer class actions in some European countries, than was the last one that Schrems triggered in his legal actions against Facebook. Back in October 2015, it invalidated the EU-U.S. Safe Harbor Agreement protecting the transatlantic transfer of personal data, leaving many businesses in limbo until a new, stricter data transfer agreement was introduced.

“My fight shows that as an individual user you need a lot of energy and time to even just get a case before a court, but it also shows that a lot is possible, like the win over Safe Harbor,” Schrems said via email.

Schrems is looking forward to May this year when a new law, the General Data Protection Regulation, will introduce stricter data protection rules and allow consumers to take collective legal action across the EU to defend their right to privacy. He is board member of a new organization, NOYB -- European Center for digital Rights, that is seeking crowdfunding to take such actions.

“It is time that the fight for our fundamental rights is not a matter of an individual, but is based on a proper structure,” he said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post



Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments