[German]Something is escalating right now. The Irish data protection authority DPC demanded that the Austrian organization noyb draw up and sign a "non-disclosure agreement" (NDA) within one working day. Otherwise, the complainant would no longer be heard. Max Schrems reported the DPC or the incident to the Austrian Public Prosecutor's Office for Corruption via the organization noyb.
Some Background
The name noyb stands for My Privacy is None of Your Business. NOYB (European Center for Digital Rights) is a Vienna-based non-governmental organization dedicated to enforcing data protection within the European Union. It was founded in 2017 by Max Schrems, among others.
SSchrems is primarily taking action against Google, Instagram, WhatsApp and Facebook for their non-transparent practice of processing personal data for advertising purposes with complaints before the competent data protection authorities. In the majority of cases, the Irish data protection authority DPC is responsible. There are accusations against the DPC that it systematically protects the aforementioned companies from GDPR proceedings (see Ireland's IDPC systematically protects Google, Facebook & Co. against GDPR proceedings).
A few weeks ago it became known that there was an exchange of blows between noyb and the DPC. A draft decision of the DPC was published by noyb, in which a trick used by Facebook to circumvent the DSGVO is to be legalized. In response, the Irish data protection authority DPC sent the data protection organization noyb a so-called take down notice. This is a request to take a published document off the organization's website. I had recently addressed this issue in the blog post Irish DPC sends noyb a take down notice on a published Facebook draft decision.
New escalation: Criminal charges
I already became aware of the facts yesterday via the following tweet by Max Schrems. A criminal complaint was filed by noyb at the Corruption Prosecution Office (WKStA) in Vienna against the Irish DPC.
In this article, noyb explains the background. The Irish Data Protection Commission (DPC) has asked noyb to draft and sign a "non-disclosure agreement" (NDA) within one working day. Without such a non-disclosure agreement in favor of the DPC and Facebook, the DPC would no longer fulfill its duty to hear the complainant.
Schrems comments, "The DPC has engaged in procedural blackmail. Only if we kept our mouths shut would the DPC 'grant' us our right to be heard. We reported the incident to the Austrian Public Prosecutor's Office for Corruption. This is a supervisory authority that clearly demands a quid pro quo for the performance of its duties, which is probably considered bribery in Austria." According to noyb, there is no legal basis for the DPC to demand that this NDA (non-disclosure agreement) be given."
The activists write that Facebook would particularly benefit from the NDA. This is because new documents suggest that EU regulators could deem Facebook's "GDPR circumvention" illegal. This means that EU regulators could potentially declare Facebook's use of personal data illegal since 2018. This, of course, would have a significant impact on Facebook's business model in Europe.
Within this article noyb lists the timeline of the proceedings that the Irish DPC went through, with the date in each case. On Nov. 12, 2021, there was a letter from the DPC requesting an undefined NDA statement from noyb. In a response dated 11/15, noyb objected due to legal and practical considerations. On 11/17/2021, there was another request from DPC for an NDA, and on 11/18/2021, noyb was excluded and removed from the hearing in the proceeding.
noyb writes that a statement of facts has been filed with the Austrian Corruption Prosecutor's Office (WKStA). Since the target of the possible criminal offense is a resident of Austria, the Austrian Criminal Code seems to be applicable. The criminal complaint concerns the DPC employees in question. The WKStA has to examine whether an investigation can be initiated. Of course, the presumption of innocence applies. However, it can be read between the lines that the Irish DPC and Facebook are trying to make a deal with this action. The DPC has already had to be hunted down several times – and Schrems, who now holds a doctorate in law, has won several cases before the European Court of Justice in matters of data protection.
Nice Advent reading
In protest of the situation, noyb has announced so-called "Advent readings" from various from the Facebook and DPC documents. On each Advent Sunday, noyb will publish a different document, along with a video explaining the documents and an analysis of why the use of these documents in the publication complies with all applicable laws. The intention is to show that noyb has all the freedom to discuss these documents within the framework of applicable law.
Schrems commented, "We very much hope that Facebook or the DPC will take legal action against us to finally make it clear that freedom of expression is above the scaremongering of a multinational corporation and its taxpayer-funded stooges. Unfortunately, we have to assume that they themselves know that they have no legal basis to take action against us, which is why they have resorted primarily to procedural blackmail."
Similar articles:
Ireland's IDPC systematically protects Google, Facebook & Co. against GDPR proceedings
GDPR: WhatsApp fined with 225 million Euro
European Court cancels EU-US "Privacy Shield"
Irish DPC sends noyb a take down notice on a published Facebook draft decision