In February 2015 we reported on the Austrian data protection class action started by Max Schrems against Facebook in Austria. You can see that alert here. Naturally attention has turned in the last few weeks to Mr. Schrems’ other litigation before the European Court but the focus is likely to turn back to Austria – at least in part – as a result of today’s appeal court findings.
What is this case about?
What did the original Austrian court decide?
In July as we reported here the Vienna Regional Court (Landesgericht) rejected the Schrems class action for lack of jurisdiction, essentially agreeing with Facebook’s initial submissions. The court apparently felt that the courts in Ireland were the proper venue since Facebook’s international operations are based there or in the alternative Mr. Schrems could sue in California where Facebook have their HQ. It was this decision that Mr. Schrems appealed.
What happened at the appeal hearing?
According to Mr. Schrems the Vienna Court of Appeal (Oberlandesgericht Wien) today issued a written decision on his appeal. He says the Court of Appeal found in his favour on 20 of his 22 claims that the Vienna Regional Court had previously rejected. He says that there is no decision yet in substance on his case but that the case will go back to a court of first instance to look at the merits of the case. Mr. Schrems also says that the court did not approve the class action status of the litigation which is yet to be decided and that this may have to be decided by the Austrian Supreme Court and/or the European Court of Justice.
What happens next?
Mr. Schrems appears to be in the process of an appeal on the class action point. In addition he seems to be in the process of having his original case against Facebook (presumably with him as the sole plaintiff) relisted in Vienna.
Times have changed since July. It appears that Mr. Schrems’ arguments may now be on more solid ground since as well as dealing with Mr. Schrems’ other complaints the European Court have also been busy making new data protection law in the Weltimmo case. We reported on that case here. Whilst Weltimmo strictly looks at the ability of national EU Member State data protection regulators to deal with matters involving organisations situated beyond their borders the tide may be turning in favour of giving citizens redress through the civil courts in their country too.
As well as looking at their plans post Safe Harbor (covered in our alert here companies will need to be alive to the prospects of copy-cat civil litigation. As a minimum they will need to consider:
- Reviewing how they deal with subject access requests – a proper policy is essential to make sure that the organisation deals with them properly to avoid complaints and follow-on litigation
- Communicating with employees and consumers in more detail about how they transfer data, who can see it and where it is stored
- Being alert to dealing properly with complaints, from whatever quarter, and escalating them where necessary
Jonathan Armstrong and André Bywater are lawyers with Cordery in London where their focus is on compliance issues.
Jonathan Armstrong, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1784
André Bywater, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1785