Facebook set to face Austrian GDPR case following court intervention

Posted on June 17, 2019

 

A case filed against Facebook immediately after the General Data Protection Regulation (GDPR) came into effect seems likely to go ahead, following approval from the Austrian Supreme Court.

Max Schrems, an Austrian lawyer and co-founder of the digital rights organisation noyb, filed complaints against Facebook, Google and other major tech companies as soon as GDPR became official on May 25th, 2018, although he claims that the case has been pending for five years. The complaints centre on the idea of “forced consent”, and the allegation that sites like Facebook are threatening to block or restrict services for users who refuse to consent to privacy and data use policies.

Facebook had attempted to block the case, arguing that jurisdiction should fall on the data protection commissioner in Ireland, where its European headquarters are based. However, the Austrian Supreme Court has rejected this claim, and this potentially game-changing ruling means that GDPR lawsuits can be filed by anyone in the European Union.

Along with the accusations of gaining consent in unlawful ways, the case argues that Facebook’s privacy policies and data disclosure are not in compliance with GDPR, and questions how well the company is following the new regulation in general.

Describing himself as “very pleased” with the decision, Schrems argues in a noyb statement that even winning part of the case would be a success, as it would force Facebook to make alterations to its business model that protect users’ online privacy, and that he has confidence in the lawsuit being a success.

If found to be in breach of the GDPR, Facebook could face fines of up to €7bn (£6.2bn), according to ComputerWeekly.com. This would completely dwarf the current largest GDPR fine – a comparatively paltry €50m issued to Google in January. That too stemmed from a late-May complaint by noyb, along with another one from French organisation La Quadrature du Net.

The enormous fines potentially being faced by companies like Facebook are due to their size and yearly revenue, so are beyond what anything a small business would be hit with. Even so, with GDPR noncompliance punishable with a fine of 4% of a company’s annual revenue, a fine can be just as damaging, if not more so, to the average British SME. To make sure your site is fully GDPR compliant, why not speak to the team at Engage Web?

John Murray

Content Team Leader at Engage Web
John works for Engage Web as a Content Team Leader and regularly contributes to the website and programmes of his beloved Chester F.C.

Like us on Facebook to see more posts like this

You might also be interested in:

No Comments »

There are no comments on this yet, be the first to write a comment.

RSS feed for comments on this post. TrackBack URL

Have your say!

Call Now Button

We have worked with:

minute-man-press-image
TEL: 0345 621 4321