Austrian activist Schrems’ Facebook complaint referred to EU court
BERLIN, July 20 (Reuters) – Austria’s Supreme Court has questioned the legal basis on which Facebook (FB.O) collects user data and referred key issues for a ruling by Europe’s top court, after awarding symbolic damages to activist Max Schrems in his privacy case against the company.
In a 34-page ruling, the Austrian court accepted the request from Schrems, who has waged a years-long campaign against what he views as Facebook’s intrusive privacy practices, to refer key questions to the Court of Justice of the European Union.
The civil case revolves around Schrems’ assertion that Facebook deprives users of the rights and protections they enjoy under the EU’s privacy law, the General Data Protection Regulation (GDPR), by treating consent as a contract that empowers it to use their data to deliver targeted ads.
“Facebook tries to strip users of many GDPR rights by simply ‘reinterpreting’ consent to be a civil law contract,” Schrems said in a statement on Tuesday. “This was nothing but a cheap attempt to bypass the GDPR.”
Facebook said it had received the court judgment and was reviewing its contents.
“We are committed to the principles of GDPR and have made major changes to our business as part of our ongoing efforts to give users meaningful transparency and control over their data,” a Facebook spokesperson said.
One question referred by the Austrian court asks whether Facebook’s declaration that it intends to process user data undermines the significantly higher protection that consent offers under the GDPR.
Further questions relate to whether Facebook’s collection of data from ‘Like’ buttons and other online sources respects the GDPR’s principle of data minimisation – in other words that it should not collect more user data than is necessary.
The Austrian court also awarded Schrems 500 euros ($589) in symbolic damages over Facebook’s obstructive tactics in response to his request to share the data it holds on him.
“The plaintiff rightfully points out that the GDPR is based on a one-time request for access, not on an ‘Easter egg hunt’,” the court wrote in its ruling.
($1 = 0.8492 euros)Reporting by Douglas Busvine; editing by Mark Potter and Jason Neely
Our Standards: The Thomson Reuters Trust Principles.