GDPR fines – brand and reputation damage will be the harshest penalty
Max Schrems has reached the first funding milestone for his new not for profit noyb (http://www.noyb.eu) (none of your business). Currently, noyb has raised €280k and is well on target to hit its €500k objective. Why is this important? Well, because it is Max Schrems.
Who is Max Scrhems?
Max Schrems is an Austrian lawyer, author and privacy activist who became known for campaigns against Facebook for privacy violation, including its violations of European privacy laws and alleged transfer of personal data. In 2013 Schrems filed a complaint against Facebook Ireland Ltd about data transfers by Facebook Ireland to the US in the wake of the Snowden revelations, including the existence of the Prism spying programme. His complaint ultimately ended up before the CJEU in October 2015 and that court struck down the Safe Harbour framework then used by about 4,500 companies, including Facebook, to transfer data to the US.
What can noyb actual do?
noyb will use best practices from consumer rights groups, privacy activists, hackers, and legal tech initiatives and merge them into a stable European enforcement platform. Together with the many new enforcement possibilities under the new EU data protection regulation (GDPR), noyb will be able to bring privacy cases in a much more effective way than before. In addition, noyb will follow the idea of targeted and strategic litigation to maximize the impact on the future of your right to privacy.
When appropriate, noyb will use PR and media initiatives to ensure your right to privacy without even going to court. Finally, noyb is designed to join forces with existing organizations, resources and structures to maximize impact, while avoiding parallel structures. There are 2 things to take particular note of here:
1. noyb will take class action suits against organisations they feel are flouting privacy law.
2. noyb will publicise organisations that are not respecting privacy laws. Point 2 is probably more damaging, and instantly effective. Max Schrems is high profile and commands a lot of media attention. If noyb decides to publicise that an organisation does not respect the EU privacy laws. This will get a lot of headlines.
What is noyb’s aims?
The aim of NOYB is therefore to ensure that the tech industry is following fully the existing privacy and data protection laws in the European Union, through strategic litigation in the public interest. Just like other areas of law, only the realistic likelihood of enforcement will ensure that laws are generally respected. NOYB will prioritize relevant cases, ensure that relevant violations are uncovered, assess legal and factual situations and use the most effective form of enforcement in each case. This may include the use of automated legal processes and enforcement (“legal tech”).
If you are struggling with GDPR Readiness, we might be able to help. Get in touch with us below: