$8 billion lawsuits started on GDPR day

31 May 2018 by

You would have to be a monk or, at any rate, in an entirely internet-free zone, not to have had your recent days troubled by endless GDPR traffic. The tiniest charity holding your name and email address up to the data behemoths have asked, in different ways, for your consent for them to hold your personal data. You may have observed the frankness and simplicity of the former’s requests and the weaseliness of the latter’s, who try to make it rather difficult for you to say no, indeed to understand what precisely they are asking you to do.

Just in case you have not looked at it, here is the Regulation. It is actually a good deal easier to understand than a lot of the summaries of it.

This lack of transparency in these consent forms/privacy statements had not gone unnoticed by one of Europe’s more indefatigable privacy sleuths. Max Schrems, an Austrian lawyer, who, at 30 years of age, has already been to the EU top court twice (see here and here), moved fast. By the end of GDPR day last Friday, 25 May, he sued global platforms with multibillion-euro complaints. 3 complaints said to be valued at €3.9 billion were filed in the early hours against Facebook and two subsidiaries, WhatsApp, and Instagram, via data regulators in Austria, Belgium and Germany. Another complaint valued at €3.7 billion was lodged with France’s CNIL in the case of Google’s Android operating system.

Schrems operates via a non-profit called None of Your Business (NOYB). His press release and the complaints are all to be found here with parallel versions in German, French, and English. He adds in the press release that the Irish Data Protection Commissioner is also likely to be involved – three of our huge whales have chosen to make their, or an, HQ, in Ireland.

NOYB has said that GDPR was supposed to give users a free choice, whether they agree to data usage or not. Not so in practice: tons of “consent boxes” popped up online or in applications, often combined with a threat that the service cannot longer be used if users do not consent.

Those that have come up with ornate ways of demanding consent might find it helpful to test their efforts against Schrems’ complaints. Take the Austrian complaint against Facebook. The gist is that a portmanteau series of consent forms (not really saying what Facebook will do with your data) is presented on a “take it or leave it” basis. You may have your own views about this if you have recently ticked all the boxes which FB wanted you to tick to carry on operating as before.

Many of us know the draconian measures which GDPR has given to EU countries’ supervising authorities, in our case, the Information Commissioners Office. NOYB say that these first complaints will be a crucial test of the law,

with a penalty of four per cent of global revenue, Google or Facebook would have to pay more than a billion euros for violating the law. Currently we do not expect that DPAs will use the full penalty powers, but we would expect a reasonable penalty, given the obvious violation.

There have been musings that GDPR was going to be a damp squib of the Y2K variety, (in retrospect) a somewhat confected attempt to persuade us that when the clock ticked to midnight and the new Millennium started, all our computers would crash, and chaos would reign. Y2K brought good business in for consultants and insurers willing to bet against these Nostradamus-like predictions.

Now the skies may not have fallen in this week, but Schrems at least is determined that things will not be as before. We will have to wait to see whether GDPR really makes a difference at a more mundane level, or as others have said, it (for EU nationals, at least) it is no more than a moderate strengthening of a data protection regime which has been in place for some years.

Welcome to the UKHRB

This blog is run by 1 Crown Office Row barristers' chambers. Subscribe for free updates here. The blog's editorial team is:
Commissioning Editors: Darragh Coffey
Jasper Gold
Editorial Team: Rosalind English
Angus McCullough KC
David Hart KC
Martin Downs
Jim Duffy
Jonathan Metzer

Free email updates

Enter your email address to subscribe to this blog for free and receive weekly notifications of new posts by email.

Subscribe

Categories

Disclaimer

This blog is maintained for information purposes only. It is not intended to be a source of legal advice and must not be relied upon as such. Blog posts reflect the views and opinions of their individual authors, not of chambers as a whole.

Our privacy policy can be found on our ‘subscribe’ page or by clicking here.

Tags

Aarhus Abortion Abu Qatada Abuse Access to justice adoption ALBA Allison Bailey Al Qaeda animal rights anonymity Appeals Article 1 Protocol 1 Article 2 article 3 Article 4 article 5 Article 6 Article 7 Article 8 Article 9 article 10 Article 11 article 13 Article 14 Artificial Intelligence Asbestos assisted suicide asylum Australia autism benefits Bill of Rights biotechnology blogging Bloody Sunday brexit Bribery Catholicism Chagos Islanders Children children's rights China christianity citizenship civil liberties campaigners climate change clinical negligence Coercion common law confidentiality consent conservation constitution contempt of court Control orders Copyright coronavirus Coroners costs court of appeal Court of Protection covid crime Cybersecurity Damages Dartmoor data protection death penalty defamation deportation deprivation of liberty Detention diplomatic immunity disability disclosure Discrimination disease divorce DNA domestic violence duty of candour duty of care ECHR ECtHR Education election Employment Employment Law Employment Tribunal enforcement Environment Equality Act Ethiopia EU EU Charter of Fundamental Rights EU costs EU law European Court of Justice evidence extradition extraordinary rendition Family Fertility FGM Finance football foreign criminals foreign office France freedom of assembly Freedom of Expression freedom of information freedom of speech Gay marriage Gaza gender genetics Germany gmc Google Grenfell Health high court HIV home office Housing HRLA human rights Human Rights Act human rights news Huntington's Disease immigration India Indonesia injunction Inquests international law internet Inuit Iran Iraq Ireland Islam Israel Italy IVF Jalla v Shell Japan Japanese Knotweed Judaism judicial review jury trial JUSTICE Justice and Security Bill Land Reform Law Pod UK legal aid legality Leveson Inquiry LGBTQ Rights liability Libel Liberty Libya Lithuania local authorities marriage Maya Forstater mental capacity Mental Health military Ministry of Justice modern slavery monitoring music Muslim nationality national security NHS Northern Ireland nuclear challenges nuisance Obituary ouster clauses parental rights parliamentary expenses scandal Parole patents Pensions Personal Injury Piracy Plagiarism planning Poland Police Politics pollution press Prisoners Prisons privacy Private Property Professional Discipline Property proportionality Protection of Freedoms Bill Protest Public/Private public access public authorities public inquiries public law Regulatory Proceedings rehabilitation Reith Lectures Religion RightsInfo Right to assembly right to die right to family life Right to Privacy Right to Roam right to swim riots Roma Romania Round Up Royals Russia Saudi Arabia Scotland secrecy secret justice sexual offence sexual orientation Sikhism Smoking social media Social Work South Africa Spain special advocates Sports Standing statelessness Statutory Interpretation stop and search Strasbourg Supreme Court Supreme Court of Canada surrogacy surveillance Syria Tax technology Terrorism tort Torture travel treaty TTIP Turkey UK Ukraine UK Supreme Court unduly harsh united nations USA US Supreme Court vicarious liability Wales War Crimes Wars Welfare Western Sahara Whistleblowing Wikileaks Wild Camping wind farms WomenInLaw YearInReview Zimbabwe

Tags

Aarhus Abortion Abu Qatada Abuse Access to justice adoption ALBA Allison Bailey Al Qaeda animal rights anonymity Appeals Article 1 Protocol 1 Article 2 article 3 Article 4 article 5 Article 6 Article 7 Article 8 Article 9 article 10 Article 11 article 13 Article 14 Artificial Intelligence Asbestos assisted suicide asylum Australia autism benefits Bill of Rights biotechnology blogging Bloody Sunday brexit Bribery Catholicism Chagos Islanders Children children's rights China christianity citizenship civil liberties campaigners climate change clinical negligence Coercion common law confidentiality consent conservation constitution contempt of court Control orders Copyright coronavirus Coroners costs court of appeal Court of Protection covid crime Cybersecurity Damages Dartmoor data protection death penalty defamation deportation deprivation of liberty Detention diplomatic immunity disability disclosure Discrimination disease divorce DNA domestic violence duty of candour duty of care ECHR ECtHR Education election Employment Employment Law Employment Tribunal enforcement Environment Equality Act Ethiopia EU EU Charter of Fundamental Rights EU costs EU law European Court of Justice evidence extradition extraordinary rendition Family Fertility FGM Finance football foreign criminals foreign office France freedom of assembly Freedom of Expression freedom of information freedom of speech Gay marriage Gaza gender genetics Germany gmc Google Grenfell Health high court HIV home office Housing HRLA human rights Human Rights Act human rights news Huntington's Disease immigration India Indonesia injunction Inquests international law internet Inuit Iran Iraq Ireland Islam Israel Italy IVF Jalla v Shell Japan Japanese Knotweed Judaism judicial review jury trial JUSTICE Justice and Security Bill Land Reform Law Pod UK legal aid legality Leveson Inquiry LGBTQ Rights liability Libel Liberty Libya Lithuania local authorities marriage Maya Forstater mental capacity Mental Health military Ministry of Justice modern slavery monitoring music Muslim nationality national security NHS Northern Ireland nuclear challenges nuisance Obituary ouster clauses parental rights parliamentary expenses scandal Parole patents Pensions Personal Injury Piracy Plagiarism planning Poland Police Politics pollution press Prisoners Prisons privacy Private Property Professional Discipline Property proportionality Protection of Freedoms Bill Protest Public/Private public access public authorities public inquiries public law Regulatory Proceedings rehabilitation Reith Lectures Religion RightsInfo Right to assembly right to die right to family life Right to Privacy Right to Roam right to swim riots Roma Romania Round Up Royals Russia Saudi Arabia Scotland secrecy secret justice sexual offence sexual orientation Sikhism Smoking social media Social Work South Africa Spain special advocates Sports Standing statelessness Statutory Interpretation stop and search Strasbourg Supreme Court Supreme Court of Canada surrogacy surveillance Syria Tax technology Terrorism tort Torture travel treaty TTIP Turkey UK Ukraine UK Supreme Court unduly harsh united nations USA US Supreme Court vicarious liability Wales War Crimes Wars Welfare Western Sahara Whistleblowing Wikileaks Wild Camping wind farms WomenInLaw YearInReview Zimbabwe
%d bloggers like this: