On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — but not permitting consumer privacy class actions to be brought in a consumer’s home jurisdiction.

Background

Maximilian Schrems (“Schrems”) — an Austrian resident, lawyer and privacy activist (best known for his involvement in litigation relating to the EU-U.S. Safe Harbor and the EU Model Clauses) — brought a class action against Facebook’s Irish-registered office, before the Austrian courts.  Schrems’ action alleges various breaches of Austrian, Irish, and EU data privacy rules, and includes claims for damages arising from these alleged breaches.

Schrems, a Facebook user of ten years, initially registered with Facebook under a false name for personal purposes only, engaging in typical private uses of the site such as to share photos and posts with his 250 or so Facebook Friends.  Then, in 2011, Schrems created a Facebook page to report on his legal proceedings against Facebook Ireland, reference his lectures and media appearances, advertise his books and solicit public donations.

The Austrian Supreme Court sought a preliminary ruling from the CJEU on two points.

  • Whether Schrems is a “consumer” as defined and interpreted under EU law (namely Article 15 of Regulation No. 44/2001 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters), in relation to his Facebook account, specifically the use of his Facebook page (“the Consumer Issue”).
  • Whether Schrems could bring his action alongside and on behalf other consumers in contractual relationships with Facebook, those consumers numbering more than 25,000 and residing in Austria, other Member States, and outside the EU (“the Class Action Issue”).


Continue Reading CJEU Rejects Consumer Privacy Class Action

“The evolution of big data has exposed gaps in EU competition, consumer protection and data protection policies”, said Peter Hustinx, the European Data Protection Supervisor (EDPS), when presenting the EDP’s preliminary opinion on the interplay between these three policy areas. The Opinion titled “Privacy and Competitiveness in the Age of Big Data”, issued on 26 March 2014, (the Opinion) aims at stimulating a debate between experts and practitioners. The EDPS’ preliminary opinions are not legally binding but intended to inform and facilitate discussion.

Continue Reading The New EDPS Opinion “Privacy and Competitiveness in the Age of Big Data”

Yesterday the FTC released its annual report of consumer complaints, highlighting identity theft as the leading category of complaints, with 18% of the total.  The 2012 report analyzes complaints received by the FTC, certain other federal agencies, state law enforcement agencies, and non-governmental organizations such as the Better Business Bureau.  After identity theft, consumers filed the