Case between Schrems and Facebook intensifies as further questions are raised
Case between Schrems and Facebook intensifies as questions are forwarded from Austrian Supreme Court to CJEU.
Austrian lawyer and activist, Maximilian Schrems is once again making headlines, as Austrian Supreme Court accepted his request to refer key questions regarding his Facebook case to the CJEU. The focal point of this privacy case is Schrems claim that Facebook violates user rights under EU GDPR with regards to consent, and the fact that the company uses consent as contract permission to push targeted ads. According to recent reports, in this long standing case between Facebook and Maximilian Schrems, questions are being raised about the legal basis of Facebook’s data use of its EU customers.
Facebook has been processing user data under the EU GDPR on the basis of a contract, as opposed to user consent.
Ever since the EU GDPR came into effect in 2018, Facebook has, instead of relying on consent or user data processing, claimed that users were now under contract to receive personalized advertising. The EU GDPR had raised the requirements for consent, and this move was seen as a way for Facebook to undermine the EU GDPR and avoid obtaining informed and freely given consent from its users.
Mr Schrems was quoted as saying “Facebook tried to strip users of many GDPR rights by simply ‘reinterpreting’ consent to be a civil law contract.”
Facebook was also accused of failing to adhere to the GDPR principle of data minimisation.
Facebook was accused of collecting more data than deemed necessary, particularly through its ‘like’ feature, present on Facebook.com as well as several other websites and sources. Questions regarding this matter, as well as Facebook’s use of sensitive user data (for example a user’s political opinion or affiliation or their sexual orientation) for the purposes of personalized advertising, we’re forwarded to the CJEU. Schrems claims that these questions are crucial. According to Schrems “ Facebook may not be allowed to use all data for advertisements anymore, even when I got valid consent. Equally, it may have to filter sensitive data from political opinions or data on sexual orientation.“
Maximilian Schrems was awarded €500 in symbolic damages for obstructive tactics used against him by Facebook.
Facebook was accused of creating an “Easter egg” hunt when asked by Max Schrems to provide him full access to his data. According to the court, Mr. Schrems got neither his raw data in it’s totality, nor did he receive very crucial information like the legal basis for the processing of his data. As a result he was awarded €500 in symbolic damages, due to Facebook’s obstructive tactics. Several questions have now been forwarded from the Austrian Supreme Court to the Court of Justice of the European Union regarding Facebook’s alleged non compliance with the EU GDPR.
Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR, Law Enforcement Directive and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.
- Facial recognition technology use by US federal agencies - September 21, 2021
- Proposal for an EU AI Regulation - September 16, 2021
- Cookie consent pop-ups among the ICO’s intended topics of discussion at the recent G7 meeting - September 14, 2021