Data Protection Case Against Facebook Ireland Open To All Users Outside Of US & Canada

Austrian privacy activist Max Schrems wants Facebook to pay for breaching European data protection law, and has filed a lawsuit against the company that is open to all users outside of the U.S. and Canada.

According to a report from Wired UK, Schrems’ case against Facebook’s Dublin-based European subsidiary is seeking damages of €500 ($670) per user. The lawsuit claims Facebook Ireland committed a number of data protection breaches, including:

• Failing to get “effective consent” for using data
• Implementing a legally invalid data use policy
• Tracking users online outside of Facebook via “Like” buttons
• Failing to make Facebook’s Graph Search opt-in
• Unauthorized passing of user data to external apps
• Involvement in NSA’s Prism program

Wired UK reports anyone outside of the U.S. and Canada — which amounts to 82 percent of Facebook’s user base — can sign-up to participate in the lawsuit on fbclaim.com up until the day oral evidence is given in Vienna.

Depending on how many people actually sign up, the €500 fee per user could amount to sizable legal fees for Facebook should the courts rule in Schrems favor.

While the case was filed in Vienna’s Commercial Court after Irish regulators failed to take what Schrems believed was sufficient action, the case will be decided under US law as, “…Facebook Ireland chooses California for civil disputes.”

According to Wired UK, Schrems has been fighting Facebook for the past four years:

Schrems’ battle against the social network has been ongoing since 2010, when he requested Facebook send him all the user data it had on him. He received 1,200 pages. He went on to front the aptly named Europe versus Facebook group, which has pushed for changes to Facebook’s policies and practices that will bring them in line with EU Data Protection law.

Wired UK said Schrems actions led to Facebook ending facial recognition and getting rid of excessive data on its users.

Noting how many large corporations currently use behavior-tracking data, the case could impact how big data is used in relation to Europe’s data protection laws.

“EU data protection law also requires consent to be ‘unambiguous and informed’,” said Schrems, “You hardly find a privacy policy that is unambiguous and leaves the user with serious information.”

As of now, there has been no decisions or forward movement on the case.

“The case was running for three years,” Schrems told Wired UK, “So far there is no decision. They usually promise a decision ‘next month’ or ‘soon’, but there was no binding outcome from the complaints for three years now.” Schrems believes the delayed legal proceedings are on account of political and economic pressure not to enforce legislation against Facebook.