Austrian lawyer Max Schrems and the privacy enforcement nonprofit NOYB he founded in 2017 have instilled fear and loathing in Big Tech for quite some time—starting well before the current global backlash against the world’s tech giants. The privacy advocate and his group succeeded in getting one of Europe’s highest courts, the European Court of Justice, to strike down two successive EU-U.S. data transfer agreements, causing an international crisis. First, in 2015, they brought down the Safe Harbour agreement, a data-transfer mechanism used by thousands of companies. And then in July 2020, they convinced the court that its successor, the Privacy Shield, was also illegal, Business Loan.
They were just getting started.
In the last three years, the nonprofit NOYB—an acronym for “None of Your Business”—has filed dozens of privacy complaints before data protection authorities, or DPAs, across Europe. Many of these are still pending, but two resulted in Google and dating app Grindr being handed million-euro fines for violations of the General Data Protection Regulation, the sweeping privacy legislation adopted by the European Union in 2018.
“We’re trying to enforce the law [and] we’re called activists. Facebook is breaching the law and it’s called innovative or creative.”
Just in the last few months, NOYB has introduced hundreds of privacy complaints before 10 DPAs across Europe with the aim of getting local websites to enforce the EU bloc’s GDPR privacy legislation on cookie banners. The complaints targeted both large tech players, such as Amazon, Twitter, Google and Facebook, as well as lesser-known, smaller companies.
In the coming months, the nonprofit aims to send an additional wave of 5,000 to 10,000 complaints to companies that violate GDPR provisions with their cookie banners. And these could result in additional and steeper fines for large tech companies, as data protection authorities across the 27-member bloc step up enforcement.
More GDPR enforcement needed
Although the nonprofit might be best known for going after big tech giants, Romain Robert, NOYB’s program director, told Law.com International that its target is any company not following GDPR rules.
“GDPR is full of promises of enforcing data protection rights and fundamental rights. We’re just trying to fill the gap between these promises and the actual enforcement,” he said.
In that sense, they are also attempting to level the playing field. “We want to avoid having the GDPR only complied with by European companies and not by non-European companies because they can afford [it],” Robert said.
Since its launch four years ago, NOYB has grown from two people—an office manager and Schrems—to 16 staff members, of which six are full-time lawyers. And while they are a nongovernmental organization, their role, Robert said, is the same as that of a law firm.
“We represent the consumers—the data subjects—the way a law firm would in a court litigation,” he said. “It’s not different at all. It’s really a law firm job we’re doing.”
Schrems, of course, has unnerved plenty of companies but Robert says the characterization of the nonprofit as anti-tech or as a crusader is disingenuous.
“We’re trying to enforce the law [and] we’re called activists. Facebook is breaching the law and it’s called innovative or creative,” he said.
Max Schrems in 2015
In countries where the nonprofit does not have access to local courts—its lawyers are qualified in Austria, Italy, Poland, Belgium and Germany—it has worked with mostly independent national firms and independent lawyers.
In its legal challenges, NOYB has wrangled with leading law firms such as Covington & Burling, McCann FitzGerald, Mason Hayes & Curran and such seasoned litigators as Irish Attorney General Paul Gallagher SC and Catherine Donnelly SC, chair of the Irish Society for European Law. In theory, NOYB is not opposed to working with big law firms. But there are practical hurdles, Robert says.
“[Big law firms] are too expensive and they usually are in conflict of interest with us because, usually, they are advising the GAFAM,” he said, using an acronym for Google, Apple, Facebook, Amazon and Microsoft—all companies, with the exception of Microsoft, that the nonprofit has sued.
Last year, NOYB also created a database of three dozen supportive lawyers and law firms. These lawyers and firms are not only ready to work with the nonprofit, but also act as an informal helpline for the team. If NOYB were contemplating appealing a decision by the Spanish DPA, for example, “we have someone [we can] call who will know: What is the deadline? What is the cost of the procedure?” Robert said.
And NOYB intends to focus more heavily on court litigation in the years to come, Robert said. “We cover today almost 20 countries and should be able to litigate in all these states,” he said.
NOYB is today funded by some 4,000 members—both private individuals as well as public and private institutions such as the Austrian Chamber of Labour. Their financial contributions—in 2020, NOYB reported an income of almost €600,000—enabled the nonprofit in October to advertise two additional full-time lawyer positions. Many of the lawyers who have applied have Big Law backgrounds, Robert said.
“We’re attracting a lot of people who used to work for Clifford Chance and the like and want to work for an NGO,” he said.
And more hires are likely to follow in the coming years, since NOYB recently decided to rent the offices that are next door to its current office, thereby doubling its office space.
The privacy nonprofit also recently qualified as an entity that can file class actions in Belgium. Plus, it is teaming up with a “huge business law firm” in the Netherlands to create a class action foundation. It was incorporated last month under the name CUIC, short for Consumers United in Courts. Robert said they intend to file their first collective action before the end of the year. He declined to provide more information.
“For obvious reasons, I cannot share more about the case,” he said, adding that NOYB may also launch another lawsuit, as well as other new projects, before the end of the year.
So, should lawyers for tech firms start trembling? Will these new efforts affect the corporate world the way the GDPR has?
“For strategic reasons, we cannot say what they will be,” said Robert when pressed for more information, adding that NOYB will not divulge information prematurely, just “like any other law firm would not unveil the projects of their clients.”
Visit : https://hobartloans.com/
