Jul 6, 2015

Max Schrems v Facebook - Latest Round goes to FB

Facebook has won the latest case against an Austrian law student who is attempting to sue the social network on privacy grounds.

In the latest ruling in a long-running legal battle a court in Vienna held it had no jurisdiction to rule on the class action suit brought by Max Schrems, who argued that Facebook had breached EU rules on data protection accusing it of helping the U.S. security service to collect personal data.

The ruling is a small victory for the social network, which is facing thousands of legal challenges across Europe over the way it handles its users' personal data.  Facebook said of the Vienna case: "This litigation was unnecessary and we're pleased that the court has roundly rejected these claims."

However, this is unlikely to be an end to the matter as Mr Schrems, who was acting on behalf of 25,000 other claimants in what is termed a 'class action', said he would appeal the decision and importantly for Mr Schrems the Court referred the matter to a higher tribunal.

Wolfram Proksch, the lawyer for Mr Schrems said after the judgment that, "We have expected a number of possible outcomes, but this finding by the court is really very strange...Unfortunately it seems like the court wanted to forward this hot potato to the higher courts."

The law student is claiming 500 euros ($556) in damages for each of the more 25,000 signatories of his lawsuit - the latest in a series of European challenges to U.S. technology firms and their handling of personal data.

Data protection has become a legal headache for Facebook in Europe as regulators become increasingly tired of large networks disregard for users data protection and become increasingly antagonistic towards each others data protection regimes.

By way of example, Facebook's European headquarters is in Dublin which means that the company is regulated by the Irish Data Protection Commissioner, which has repeatedly given the company a clean bill of health. However, this arrangement has been challenged by other data protection authorities across Europe, which say that because Facebook processes their citizens' data, they should also have a say in its regulation. The EU has also entered the final stage of negotiations over new data protection laws, which will alter the rules in its jurisdiction.  These proposals suggest that while there will be one "lead" regulator, other data protection authorities will be able to intervene, with disputes settled by a new supranational regulator.

Mr Schrems has been a persistent thorn in the side of Facebook.  His campaign against the company reportedly began after attending a lecture given by Facebook's general counsel on data protection in 2011. It was after hearing this lecture that Mr Schrems questioned Facebook's application of EU data protection law. He also brought a separate case against the Irish Data Protection Commissioner in 2013 arguing that EU rules governing the transfer of personal data across the Atlantic, known as "safe harbour", were inadequate. This case is to be heard by the European Court of Justice, with an opinion expected in the coming months and a final judgment expected later this year.

Posted by: in: Case Law, Digital/Tech, News, Regulatory

Share this page