show image

Austrian judge rules Max Schrems can take civil action against Facebook

Max Schrems, one of Europe’s most high-profile privacy lawyers, has overcome a major hurdle in his four-year-long legal battle against Facebook.

On Monday (25 March) the Vienna Higher Regional Court overturned a previous ruling in Facebook’s favour, paving the way for Schrems to take civil action against the firm. 

The landmark decision means that complaints made under Article 79 of Europe’s General Data Protection Regulation can be reviewed by judges, as well as data protection authorities.

Schrems had initially attempted to launch a civil action, which centres on claims that Facebook’s data transfer breached fundamental rights, in 2014.

But his efforts were ultimately blocked by the Court of Justice of the European Union, returning the case to Austria’s regional courts. Schrems had failed twice to convince judges that his case should be heard in a court before Monday’s ruling was handed down.

Facebook, which is expected to appeal the decision, has previously argued that citizens’ only course for redress is to submit complaints to their data protection regulator.

Austria’s supreme court will now decide whether the case should be heard in the Regional Court for Civil Matters or the Commercial Court.

“After a good four-and-a-half years, we have now slowly resolved various blockade attempts on Facebook,” said Schrem. “But this case shows that as a normal consumer has almost no chance that his or her lawsuit is heard. I’m already looking forward to having Facebook’s countless privacy violations before a public court soon.”

Schrem’s said on Twitter that the early decision to block Schrem’s case had been made on Austrian law and “there seems to be a tendency that civil judges are not keen to have (complex) GDPR cases on their table”.

The pro-privacy activist’s dogged campaigning led to a total overhaul of the way data is transferred between the European Union and the United States in 2015.

Following legal challenges by Schrems, the EU ruled that its existing mechanism for sharing data with the US had failed to secure sufficient protections for European citizens in light of the Snowden revelations. Safe Harbour was later replaced by the Privacy Shield agreement.