logo
logo
logo
logo
John Wyckoff 2016-09-13
img

In a class action initiated by the Facebook nemesis Max Schrems requires 25000 people compensation for how the social media giant surveyed the their lives.

Facebook way to meticulously collect, analyze and sell information about the users violate european data - and consumer law, argues the austrian lawyer Max Schrems.

He has therefore initiated a 25 000-strong class action against the company.

Two courts have already said no to taking up the class action, but now the Austrian supreme court sent the case to the EUROPEAN court of justice.

Max Schrems, the man who used russia's revelations of mass surveillance to trap the Safe Harbor agreement, initiated the process already in 2014.

He called on Facebook users outside north America to join, and got an abundance of volunteers.

collect
0
Kay Pry 2021-04-08
img

Tracking ID placed on mobile device without informed consent, says campaign group

Privacy group noyb, founded by rights advocate Max Schrems, has instigated a new complaint about Google's use of the Android Advertising ID (AAID) to track users.…

collect
0
James Manzo 2016-09-13
img

The Court of Justice of the European Union has been asked by Austria's Supreme Court to rule on a jurisdictional question

Max Schrems stands in front of the office of the Irish Data Protection Commissioner, where he filed complaints against Facebook.

A class-action-style lawsuit accusing Facebook of targeting advertising based on allegedly illegally processed personal data is heading for the European Union's highest court.

However, the Court of Justice of the EU is not being asked to rule on the substance of the case.

Instead, the Austrian Supreme Court has asked the CJEU to clarify whether someone who has become famous for their litigation of privacy rights can sue a company as an ordinary consumer under Austrian law.

The someone in question is Max Schrems, the man whose insistence that the Irish Data Protection Commissioner pay attention to his complaint against Facebook ultimately led to the biggest change in European privacy regulation in recent history.

collect
0
Ralph Knotts 2018-02-02
img

EU-based campaigner Max Schrems – famous for taking Silicon Valley to task over citizens' privacy rights – has set up a non-profit outfit called Noyb, having exceeded a crowdfunding target.

Noyb stands for “none of your business," and has, we're told, raised at least 300,000 Euros (£264,000, $373,354) from a Kickstarter campaign – enough to found the organization and get the ball rolling.

Schrems hopes to eventually raise €500,000 in total to fully fund his Noyb.

The NGO will “start operations in May 2018,” which, it says, will be “just in time for the new EU data protection rules (GDPR).”

It will operate through “a strategic choice of informal warnings, legal complaints, model lawsuits and different forms of collective redress” to fight for netizens’ rights.

Schrems told The Register a few weeks ago that he was “retiring” from “bringing cases for the rest of my life."

collect
0
Steven Cusick 2016-09-13
img

Europe's top court is deliberating Facebook and privacy issues,

On Monday, an attempt by Austrian privacy activist Max Schrems to

have a data protection case against Facebook heard as a class

action suit moved a step ahead — when Austria's Supreme Court

referred the question to the European Court of Justice CJEU .

But Facebook is questionin the right of Schrems, famous for

collect
0
Jacqueline Cleghorn 2019-01-21
img

As user privacy increasingly seems to be an alien concept to Silicon Valley and the other internet players, Austrian data privacy champion Max Schrems has jumped into the limelight once again.

Through a filing with the Austrian Data Protection Authority, by Schrem’s non-profit NOYB, the complaints focus on the ‘right to access’ enshrined in Article 15 GDPR and Article 8(2) of the Chart of Fundamental Rights.

Amazon, Apple, DAZN, Filmmit, Netflix, Sound Cloud, Spotify and YouTube are on the receiving end of the lawsuit, with the potential penalties ranging from €20 million through to €8 billion.

This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

GDPR is supposed to hand control of personal data back to said individual.

Its aim is to hold the digital society accountable to their actions and provide a certain level of justification for holding onto, and potentially monetizing, an individual’s personal information.

collect
0
Lawrence Bowman 2018-06-08
img

The European Parliament is sick and tired of Facebook refusing to properly answer its questions.

After the fiasco of the Mark Zuckerberg show, a further two hearings are planned for June 25 in Brussels and July 2 in Strasbourg.

However despite a clear request for COO Sheryl Sandberg to join the latter, Zuckerberg consistently proposes to send the social network’s policy lobbyists rather than those running the company day-to-day.

In a letter to Zuckerberg, seen by The Next Web, civil liberties committee chairman Claude Moraes says: “I would like to stress it is essential for Facebook’s credibility to show its commitment that you send staff members that are in charge of the departments concerned in your company and not public policy team members.”

In other words, the European Parliament is quite fed up of lobbyists and wants real answers.

However Zuckerberg seems determined to have his VP of Public Policy, Lord Richard Allan, as the main representative.

collect
0
Donald Koontz 2018-01-22
img

Data can now be hosted in "countries that provide an adequate level of protection for personal data", said the guidance, which was developed with the Department of Health, NHS England and NHS Improvement.

The intention is to encourage NHS bodies to sign up to cloud services, with a chunk of the guidance set aside to promote the benefits of the fluffy stuff.

"It is for individual organisations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively," said Rob Shaw, deputy chief executive at NHS Digital.

The touted benefits include cost savings through not having to buy and maintain hardware and software, and "comprehensive backup and fast recovery of systems".

These include that critical services will depend on reliable internet access, that existing staff might not have the technical expertise, and that tech budgets may need to switch from capital expenditure to pay-as-you-go.

The right cultural understanding and behaviours need to be in place to manage this portability appropriately and mitigate any risks," the document added.

collect
0
Dennis Masters 2018-05-25
img

Facebook bête noire Max Schrems, the Austrian privacy campaigner, today launched lawsuits worth over €7 billion under GDPR – Europe’s new data protection laws – against Facebook, Google, Instagram and WhatsApp.

The law suits were filed against Google in France, Instagram in Belgium Whatsapp in Ireland and Facebook in Austria by activist group noyb.eu.

The suites accuse the companies of forcing users to accept their data collection policies.

The company says it seeks users’ consent for certain specific types of data processing, such as ads based on data from partners; political, religious, and relationship information on user profiles and face recognition.

It claims others are necessary to provide personalised, free service to people around the world “contractual necessity” under GDPR.

Facebook’s chief privacy officer Erin Egan told Computer Business Review: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.

collect
0
John Burns 2017-11-14
img

An Austrian privacy campaigner seeking to stop Facebook from transferring personal data out of the EU has been dealt a partial setback by one of Europe's top law officers.

Max Schrems has been told that he is unlikely to be able to bring a "class action" style case against Facebook's Irish unit in one of Austria's courts.

But he has instead been advised that he could sue the company on his own behalf.

Mr Schrems believes this could still let him set a precedent.

Although class actions are common in the US, the European equivalent - which are referred to as collective actions - are rarely accepted by local courts.

Mr Schrems had been seeking to claim 500 euros ($586; £448) in damages per person for about 25,000 people.

collect
0
Dennis Colella 2018-07-16
img

The US is under increasing pressure over Privacy Shield as an EU lawyers' association backed MEPs’ calls for a suspension of the deal.

Privacy Shield – which governs trans-Atlantic data flows, making it essential for the day-to-day workings of large numbers of companies – was hurriedly drawn up in summer 2016 after its predecessor, Safe Harbor, collapsed.

"The CCBE calls on the Commission to suspend the Privacy Shield and to offer its reimplementation on the condition that the necessary guarantees and safeguards, which are currently lacking, have been implemented," it said.

The intervention comes as a group of MEPs, who called for a ban on the deal if the issues aren't addressed by September, travels to Washington to discuss data privacy.

Relations between the US and the European Union are already strained over issues such as NATO and Russia, and the prospect of another data transfer deal collapsing heaps pressure on both sides as businesses are reliant on being able to send data across the Pond.

When Privacy Shield was agreed, one of the terms was an annual review.

collect
0
George Mitchell 2016-07-12
img

However, it is already facing opposition from legal activists and

pressure groups — suggesting a formal legal challenge is not far

"Privacy Shield" is a mechanism that legistimises the transfer of

personal data from Europe to the US, despite the two regions'

Thousands of companies send personal data back and forth between

the EU and the US on a daily basis — from customer data to

collect
0
Charles Houston 2017-09-18
img

While you were tucking into your ham sarnie European Commission Věra Jourová touched down in the US to start the first annual review of the EU-US Privacy Shield.

Somehow the review of this critical enabler has snuck under the radar though.

Considering it is such an important document for the digital economy, the foundations of the mechanism are pretty shaky.

“Europeans insist on having our data protected,” said Jourová (in the pink jacket, smiling menacingly, below).

“I expect there will be gaps identified by the review and some proposals for improvements but I don’t expect we will reopen negotiations again.”

Firstly, the US government still hasn’t appointed an ombudsman to oversee Privacy Shield.

collect
0
David Erb 2018-08-30
img

“No effective control over whether certified companies actually comply with the Privacy Shield provisions.”

A resolution issued by the European Parliament in July, which calls on the European Commission to suspend the EU – US Privacy Shield data transfer agreement, is days away from its September 1 deadline.

The parliament says the deal – a replacement for the Safe Harbor regime, which was struck down by the EU Court of Justice (“CJEU”) in 2015 – does not procure adequate personal data protection for EU citizens.

As one passage of the resolution puts it: “A number of concerns remain regarding both the commercial aspects and the access by US public authorities to data transferred from the EU… [including] the lack of concrete assurances of not conducting mass and indiscriminate collection of personal data (bulk collection).”

See also: UPDATED: Irish High Court Warns of “Potentially Grave Prejudice” in Landmark Facebook Ruling

The parliamentarians further raised commercial concerns, saying they are concerned by the fact that the Department of Commerce “has not made use of the possibility provided in the Privacy Shield to request copies of the contractual terms used by certified companies in their contracts with third parties to ensure compliance”.

collect
0
Marie Haines 2019-01-21
img

CNIL brands ad personalisation consent invalid, slams lack of transparency

Google has been fined a mammoth €50m by the French data protection watchdog for GDPR violations in a victory for Max Schrems' privacy group NOYB.

The French agency, CNIL, ruled today that the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation.

Acting on a complaint from NOYB and French group La Quadrature du Net, the agency said it had investigated the process for setting up a Google account from an Android device.

The CNIL concluded that Google had breached the General Data Protection Regulation in two ways: by failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.

Under the law, it can award fines of up to €20m or 4 per cent of annual turnover – and it has wielded the new power with aplomb, handing out a €50m penalty.

collect
0
Annie Kelley 2019-01-21
img

Fine comes a day before Google’s EU move…

France’s data protection watchdog CNIL has fined Google €50 million (£44 million) for breaching Europe’s General Data Protection Regulation (GDPR) – just one day before Google moves its service provision to Dublin from the US and makes Google Ireland Limited the “data controller” legally responsible for EEA and Swiss users’ information.

The watchdog found that Google is not GDPR-compliant for two reasons: 1) data processing for new Android users appears to happen outside Europe without consent and 2) data processing permissions intended to help personalise ads are not transparent enough for users.

(The original complaint focussed on the notion of “forced consent“).

Google also by default ticks a box that says “I agree to the processing of my information as described above and further explained in the Privacy Policy” when a user creates a new account on their smartphone, without clearly specifying that this is for personalised ads not just on Android but across Youtube et al.

Google GDPR Fine: Information “Scattered”

collect
0
John Wyckoff 2016-09-13
img

In a class action initiated by the Facebook nemesis Max Schrems requires 25000 people compensation for how the social media giant surveyed the their lives.

Facebook way to meticulously collect, analyze and sell information about the users violate european data - and consumer law, argues the austrian lawyer Max Schrems.

He has therefore initiated a 25 000-strong class action against the company.

Two courts have already said no to taking up the class action, but now the Austrian supreme court sent the case to the EUROPEAN court of justice.

Max Schrems, the man who used russia's revelations of mass surveillance to trap the Safe Harbor agreement, initiated the process already in 2014.

He called on Facebook users outside north America to join, and got an abundance of volunteers.

James Manzo 2016-09-13
img

The Court of Justice of the European Union has been asked by Austria's Supreme Court to rule on a jurisdictional question

Max Schrems stands in front of the office of the Irish Data Protection Commissioner, where he filed complaints against Facebook.

A class-action-style lawsuit accusing Facebook of targeting advertising based on allegedly illegally processed personal data is heading for the European Union's highest court.

However, the Court of Justice of the EU is not being asked to rule on the substance of the case.

Instead, the Austrian Supreme Court has asked the CJEU to clarify whether someone who has become famous for their litigation of privacy rights can sue a company as an ordinary consumer under Austrian law.

The someone in question is Max Schrems, the man whose insistence that the Irish Data Protection Commissioner pay attention to his complaint against Facebook ultimately led to the biggest change in European privacy regulation in recent history.

Steven Cusick 2016-09-13
img

Europe's top court is deliberating Facebook and privacy issues,

On Monday, an attempt by Austrian privacy activist Max Schrems to

have a data protection case against Facebook heard as a class

action suit moved a step ahead — when Austria's Supreme Court

referred the question to the European Court of Justice CJEU .

But Facebook is questionin the right of Schrems, famous for

Lawrence Bowman 2018-06-08
img

The European Parliament is sick and tired of Facebook refusing to properly answer its questions.

After the fiasco of the Mark Zuckerberg show, a further two hearings are planned for June 25 in Brussels and July 2 in Strasbourg.

However despite a clear request for COO Sheryl Sandberg to join the latter, Zuckerberg consistently proposes to send the social network’s policy lobbyists rather than those running the company day-to-day.

In a letter to Zuckerberg, seen by The Next Web, civil liberties committee chairman Claude Moraes says: “I would like to stress it is essential for Facebook’s credibility to show its commitment that you send staff members that are in charge of the departments concerned in your company and not public policy team members.”

In other words, the European Parliament is quite fed up of lobbyists and wants real answers.

However Zuckerberg seems determined to have his VP of Public Policy, Lord Richard Allan, as the main representative.

Dennis Masters 2018-05-25
img

Facebook bête noire Max Schrems, the Austrian privacy campaigner, today launched lawsuits worth over €7 billion under GDPR – Europe’s new data protection laws – against Facebook, Google, Instagram and WhatsApp.

The law suits were filed against Google in France, Instagram in Belgium Whatsapp in Ireland and Facebook in Austria by activist group noyb.eu.

The suites accuse the companies of forcing users to accept their data collection policies.

The company says it seeks users’ consent for certain specific types of data processing, such as ads based on data from partners; political, religious, and relationship information on user profiles and face recognition.

It claims others are necessary to provide personalised, free service to people around the world “contractual necessity” under GDPR.

Facebook’s chief privacy officer Erin Egan told Computer Business Review: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.

Dennis Colella 2018-07-16
img

The US is under increasing pressure over Privacy Shield as an EU lawyers' association backed MEPs’ calls for a suspension of the deal.

Privacy Shield – which governs trans-Atlantic data flows, making it essential for the day-to-day workings of large numbers of companies – was hurriedly drawn up in summer 2016 after its predecessor, Safe Harbor, collapsed.

"The CCBE calls on the Commission to suspend the Privacy Shield and to offer its reimplementation on the condition that the necessary guarantees and safeguards, which are currently lacking, have been implemented," it said.

The intervention comes as a group of MEPs, who called for a ban on the deal if the issues aren't addressed by September, travels to Washington to discuss data privacy.

Relations between the US and the European Union are already strained over issues such as NATO and Russia, and the prospect of another data transfer deal collapsing heaps pressure on both sides as businesses are reliant on being able to send data across the Pond.

When Privacy Shield was agreed, one of the terms was an annual review.

Charles Houston 2017-09-18
img

While you were tucking into your ham sarnie European Commission Věra Jourová touched down in the US to start the first annual review of the EU-US Privacy Shield.

Somehow the review of this critical enabler has snuck under the radar though.

Considering it is such an important document for the digital economy, the foundations of the mechanism are pretty shaky.

“Europeans insist on having our data protected,” said Jourová (in the pink jacket, smiling menacingly, below).

“I expect there will be gaps identified by the review and some proposals for improvements but I don’t expect we will reopen negotiations again.”

Firstly, the US government still hasn’t appointed an ombudsman to oversee Privacy Shield.

Marie Haines 2019-01-21
img

CNIL brands ad personalisation consent invalid, slams lack of transparency

Google has been fined a mammoth €50m by the French data protection watchdog for GDPR violations in a victory for Max Schrems' privacy group NOYB.

The French agency, CNIL, ruled today that the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation.

Acting on a complaint from NOYB and French group La Quadrature du Net, the agency said it had investigated the process for setting up a Google account from an Android device.

The CNIL concluded that Google had breached the General Data Protection Regulation in two ways: by failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.

Under the law, it can award fines of up to €20m or 4 per cent of annual turnover – and it has wielded the new power with aplomb, handing out a €50m penalty.

Kay Pry 2021-04-08
img

Tracking ID placed on mobile device without informed consent, says campaign group

Privacy group noyb, founded by rights advocate Max Schrems, has instigated a new complaint about Google's use of the Android Advertising ID (AAID) to track users.…

Ralph Knotts 2018-02-02
img

EU-based campaigner Max Schrems – famous for taking Silicon Valley to task over citizens' privacy rights – has set up a non-profit outfit called Noyb, having exceeded a crowdfunding target.

Noyb stands for “none of your business," and has, we're told, raised at least 300,000 Euros (£264,000, $373,354) from a Kickstarter campaign – enough to found the organization and get the ball rolling.

Schrems hopes to eventually raise €500,000 in total to fully fund his Noyb.

The NGO will “start operations in May 2018,” which, it says, will be “just in time for the new EU data protection rules (GDPR).”

It will operate through “a strategic choice of informal warnings, legal complaints, model lawsuits and different forms of collective redress” to fight for netizens’ rights.

Schrems told The Register a few weeks ago that he was “retiring” from “bringing cases for the rest of my life."

Jacqueline Cleghorn 2019-01-21
img

As user privacy increasingly seems to be an alien concept to Silicon Valley and the other internet players, Austrian data privacy champion Max Schrems has jumped into the limelight once again.

Through a filing with the Austrian Data Protection Authority, by Schrem’s non-profit NOYB, the complaints focus on the ‘right to access’ enshrined in Article 15 GDPR and Article 8(2) of the Chart of Fundamental Rights.

Amazon, Apple, DAZN, Filmmit, Netflix, Sound Cloud, Spotify and YouTube are on the receiving end of the lawsuit, with the potential penalties ranging from €20 million through to €8 billion.

This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

GDPR is supposed to hand control of personal data back to said individual.

Its aim is to hold the digital society accountable to their actions and provide a certain level of justification for holding onto, and potentially monetizing, an individual’s personal information.

Donald Koontz 2018-01-22
img

Data can now be hosted in "countries that provide an adequate level of protection for personal data", said the guidance, which was developed with the Department of Health, NHS England and NHS Improvement.

The intention is to encourage NHS bodies to sign up to cloud services, with a chunk of the guidance set aside to promote the benefits of the fluffy stuff.

"It is for individual organisations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively," said Rob Shaw, deputy chief executive at NHS Digital.

The touted benefits include cost savings through not having to buy and maintain hardware and software, and "comprehensive backup and fast recovery of systems".

These include that critical services will depend on reliable internet access, that existing staff might not have the technical expertise, and that tech budgets may need to switch from capital expenditure to pay-as-you-go.

The right cultural understanding and behaviours need to be in place to manage this portability appropriately and mitigate any risks," the document added.

John Burns 2017-11-14
img

An Austrian privacy campaigner seeking to stop Facebook from transferring personal data out of the EU has been dealt a partial setback by one of Europe's top law officers.

Max Schrems has been told that he is unlikely to be able to bring a "class action" style case against Facebook's Irish unit in one of Austria's courts.

But he has instead been advised that he could sue the company on his own behalf.

Mr Schrems believes this could still let him set a precedent.

Although class actions are common in the US, the European equivalent - which are referred to as collective actions - are rarely accepted by local courts.

Mr Schrems had been seeking to claim 500 euros ($586; £448) in damages per person for about 25,000 people.

George Mitchell 2016-07-12
img

However, it is already facing opposition from legal activists and

pressure groups — suggesting a formal legal challenge is not far

"Privacy Shield" is a mechanism that legistimises the transfer of

personal data from Europe to the US, despite the two regions'

Thousands of companies send personal data back and forth between

the EU and the US on a daily basis — from customer data to

David Erb 2018-08-30
img

“No effective control over whether certified companies actually comply with the Privacy Shield provisions.”

A resolution issued by the European Parliament in July, which calls on the European Commission to suspend the EU – US Privacy Shield data transfer agreement, is days away from its September 1 deadline.

The parliament says the deal – a replacement for the Safe Harbor regime, which was struck down by the EU Court of Justice (“CJEU”) in 2015 – does not procure adequate personal data protection for EU citizens.

As one passage of the resolution puts it: “A number of concerns remain regarding both the commercial aspects and the access by US public authorities to data transferred from the EU… [including] the lack of concrete assurances of not conducting mass and indiscriminate collection of personal data (bulk collection).”

See also: UPDATED: Irish High Court Warns of “Potentially Grave Prejudice” in Landmark Facebook Ruling

The parliamentarians further raised commercial concerns, saying they are concerned by the fact that the Department of Commerce “has not made use of the possibility provided in the Privacy Shield to request copies of the contractual terms used by certified companies in their contracts with third parties to ensure compliance”.

Annie Kelley 2019-01-21
img

Fine comes a day before Google’s EU move…

France’s data protection watchdog CNIL has fined Google €50 million (£44 million) for breaching Europe’s General Data Protection Regulation (GDPR) – just one day before Google moves its service provision to Dublin from the US and makes Google Ireland Limited the “data controller” legally responsible for EEA and Swiss users’ information.

The watchdog found that Google is not GDPR-compliant for two reasons: 1) data processing for new Android users appears to happen outside Europe without consent and 2) data processing permissions intended to help personalise ads are not transparent enough for users.

(The original complaint focussed on the notion of “forced consent“).

Google also by default ticks a box that says “I agree to the processing of my information as described above and further explained in the Privacy Policy” when a user creates a new account on their smartphone, without clearly specifying that this is for personalised ads not just on Android but across Youtube et al.

Google GDPR Fine: Information “Scattered”