Max Schrems files 101 com­plaints against EEA companies

EN 
EN  DE  FR 

from

on

Indu­stries

Aut­ho­ri­ty

Laws

Topics

, ,
Take-Aways (AI)
  • NOYB files com­plaints against 101 EEA com­pa­nies for con­tin­ued use of Goog­le Analytics/Facebook Con­nect trans­fers to third countries.
  • ECJ ruling Schrems II decla­res Pri­va­cy Shield inva­lid; stan­dard con­trac­tu­al clau­ses remain con­di­tio­nal­ly valid, may requi­re addi­tio­nal pro­tec­ti­ve measures.
  • NOYB com­plains about insuf­fi­ci­ent pro­tec­tion mea­su­res by Goog­le and Face­book; com­plaint cam­paign against lar­ge pro­vi­ders such as Airbnb, Dec­a­th­lon, Coop to be expanded.

With his NGO “NOYB” (short for “None of Your Busi­ness”), data pro­tec­tion acti­vist Max Schrems has Com­plaint against 101 com­pa­nies coll­ec­ted from the EEA. The com­pa­nies con­cer­ned were still using Goog­le Ana­ly­tics or Face­book Con­nect on their web­sites. Max Schrems con­siders a trans­fer of per­so­nal data to reci­pi­en­ts out­side of the EEA through the­se ser­vices, accor­ding to the lawsu­it filed by his Judgment Schrems II of the ECJ for inadmissible.

With Judgment from 16 July 2020 the ECJ declared the EU-US Pri­va­cy Shield inva­lid with imme­dia­te effect. The ECJ based its decis­i­on essen­ti­al­ly on the access pos­si­bi­li­ties of U.S. intel­li­gence ser­vices to the data of EU citi­zens trans­fer­red under the Pri­va­cy Shield. The stan­dard con­trac­tu­al clau­ses, which also pro­vi­de a legal basis for trans­at­lan­tic data trans­fers under the Euro­pean Gene­ral Data Pro­tec­tion Regu­la­ti­on, are still con­side­red valid by the ECJ. Howe­ver, when they are used, the­re is an obli­ga­ti­on – depen­ding on the risk assess­ment – to sup­ple­ment them with addi­tio­nal con­trac­tu­al clau­ses to ensu­re an appro­pria­te level of data pro­tec­tion. In this respect, the stan­dard con­trac­tu­al clau­ses are no lon­ger neces­s­a­ri­ly a standard.

NYOB reports Goog­le is still rely­ing on the Pri­va­cy Shield. Face­book does use stan­dard con­trac­tu­al clau­ses, but wit­hout suf­fi­ci­ent­ly streng­thening them against access under U.S. secu­ri­ty laws, in line with the ECJ ruling. Last Howe­ver, Goog­le announ­cedThe com­pa­ny also intends to use stan­dard con­trac­tu­al clau­ses in the future.

To the com­pa­nies, against which the­re is now a com­plaintThe­se include lar­ge com­pa­nies such as Airbnb, Dec­a­th­lon and Coop. But the com­plaints will pro­ba­b­ly not be enough. Accor­ding to its own state­ment, NYOB wants to gra­du­al­ly increa­se the pres­su­re on “big players”.