A ruling by the European Court of Human Rights (ECHR) is set to end a series of lawsuits filed by consumer protection agencies seeking to comply with the General Data Protection Regulation (GDPR) standards against technology companies such as Facebook and Twitter are among the issues that are emerging correctly. informed to consent to the processing of personal data.
In today’s ruling, the Court of Justice (CJEU) affirmed that consumer protection organizations can take proxy action against violating the rules of the data protection group under the GDPR.
The transfer to the CJEU comes from a German court in a case against Meta (Facebook) filed by the German Federal Association of Consumers and Associations (vzbv) in connection with the ToS of some free games operating on its platform which mandatory permission. Users without giving them the option to reject the settings if they play the game.
In a brief statement, the Meta spokesman said: “The legal cases below have shown that there are open questions, which the CJEU has now addressed. We will review the decision and assess the consequences. kara. ”
The CJEU ruling is a prelude to a major change – with the arrival of the EU next year, when the Guidelines for Action goes into application in June – which will further expand the ability of consumer rights groups to sue on behalf of individuals they believe their rights have been violated. .
“In today’s ruling, the Court found that the GDPR does not invalidate the national law which allows the Consumer Protection Agency to file legal proceedings, with no mandate authorized for that purpose independent of the infringement of privacy rights. subjects, against the person accused of violating the rules for protecting personal data, based on the violation of unfair trade practices, breach of consumer protection law or prohibition of the use of invalid general terms, whereas. “The processing of the relevant data is responsible for affecting the right to be recognized as a natural person by the law,” the court said in a statement.
The Technical Group has traditionally tried to divert these types of secret cases by arguing that the national courts have no jurisdiction under the GDPR – which is designed to comply with national law in this area. It also contains a mechanism (one-stop shop; OSS), which handles border cross-border complaints with the GDPR through the leading data protection agency of the EU Member States where each party receives the HQ. state).
EU lawmakers have added OSS to make it easier for businesses to comply. But its existence has fueled anti-consumerism in the forum store – in which large corporations gather around ‘friendly’ prosecutors, putting pressure on them politically – say, by placing them in local jobs and presence of their assets – to encourage oversight in line with their business interests.
The strategy also effectively reduces the principal resources by collecting work in complex cases.
All of these pressures can contribute to the constraints on the implementation of the GDPR, delays in decisions and even investigations that have been discarded or never opened in the first place. Complaints have recently led to an investigation by the European Commission into the GDPR’s application to the EU envoy.
In the case of Facebook, the Irish watchdog has led to the equivalent of total executive action – as the service has not been hit by a single GDPR decision since the law came out in May 2018, despite many complaints (some now). existing) date of almost four years).
Ireland finally issued a decision on a complaint against WhatsApp owned by Facebook last year. But more points of complaint continue – and only today the European intelligence rights group, NAYB, announced that the Irish Data Protection Commission (DPC) had resolved what it described as a “major setback” in two cases. related to Facebook – ownership of Instagram and WhatsApp which she also said would see Irish taxpayers set foot on a legal bill of several thousand euros.
“Forty-seven months after the filing of ‘authorization’ cases on Facebook, the DPC has agreed to pay tens of thousands of shillings for the delayed Judicial Review,” Nob wrote in a statement. . “While the GDPR requires a ‘delay’ decision DPC takes the view that four years to produce a draft decision is possible. In most EU member states the law requires a decision. within 3 to 12 months. “
The release of noyb’s press release provides a visual eye-opener for forum shopping – highlighting the latest exciting developments in the never-ending legal process. with a picture of a fence crawling on a collection of coins. (In the unlikely event, the accident is the DPC of Ireland; not photographed: Facebook holding data of anyone laughing up to the bank.)
This shameful intimidation by the GDPR continues to shed light on the EU flag protection law – making it even more difficult for individuals to take their rights away from the most powerful technology devices.
This means that any path that opens up the possibility of many lawsuits against the great technology – and today’s ruling is not the first judgment of the CJEU – such as these is important for the resettlement of the power imbalance between large theater groups and personal network users. Although the general EU changes coming up next year – through the Representative Steps procedure – more steps must be taken as the law does not depend on the questioning system at the national level.
However, in writing about it website (which we translated from Germany), vzbv calls the CJEU decision a “historic ruling”, saying it means the Federal Court of Justice is “once again on the train”. The client group has spent years trying to sue Facebook in places such as private and unfair sites, while Meta lawyers have given up the scene, arguing that local courts have no power to hear the challenges.
In a statement, Jutta Gurkmann, a member of the vzbv board, added that today’s ruling by the CJEU “puts an end to the tedious debate over the right of consumer organizations to sue for data protection”.
“It is an open secret that some European data protection authorities are not able to cope with the growing data collection of large technology companies,” she added, adding: “In the past, this has now been emphasized. GDPR acceptance.
“It is now clear: In addition to monitoring authorities, civil society organizations such as vzbv can also punish GDPR violations to a large extent. Vzbv has successfully and effectively sued Meta, Google and Co. for a long time. The ECJ ruling today creates legal certainty until the European Standard of Action is enacted this year, which also contains such powers. ”
Also commenting on the CJEU ruling in a statement, Ursula Pachl, Deputy Director General of the European Consumer Association, BEUC, welcomed the “good news”, underlining the importance of the upcoming June 2023 EU directive.
“Today’s ruling is good news because it underscores that consumer groups can file joint claims against companies such as Meta in the event of a breach of the GDPR, as long as this system exists at the national level. The GDPR is an important law. “Protecting the personal data of people within the EU. It is essential that it be properly enforced, and judgments like today will help,” she said.
“Starting next year, new EU rules will allow consumer groups to initiate proxy actions, which will improve the situation. It will then be possible for consumer organizations in all EU countries, as long as they specific requirements, to initiate collective bargaining orders or claims against companies that violate the law, including under the GDPR. It is new and the implementation of consumer groups will then begin. “