EU: NOYB files 101 complaints against EU companies for transferring data to Facebook and Google post-Schrems II
None of your business – European Center for Digital Rights ('NOYB') announced, on 17 August 2020, that it had filed 101 complaints against EU companies that continue to send website visitor data to Google LLC and Facebook, Inc. one month after the Court Justice of the European Union's ('CJEU') judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('the Schrems II Case'). In particular, NOYB stated that an analysis of the HTML source code of major EU webpages had shown that even after the decision, many companies continue to use Google Analytics or Facebook Connect even though both companies fall under US surveillance laws. Moreover, NOYB outlined that neither Facebook nor Google seem to have a legal basis for these data transfers, highlighting that Google still claims to rely on the EU-U.S. Privacy Shield that was invalidated by the CJEU's judgment and that Facebook continues to use the Standard Contractual Clauses ('SCCs'), despite the fact that the CJEU found that US surveillance laws violate the essence of EU fundamental rights.
As a consequence, NOYB stated it had filed complaints in 30 EU and EEA member states against 101 European companies, including, among others, Danske Bank A/S, Koninklijke Post NL B.V., Sephora SAS, Decathlon France SA, Allied Irish Banks, Airbnb Ireland UC, Sky Deutschland, and Handelsblatt GmbH, for continuing to forward data about each website visitor to Google and Facebook, and published a list of the companies and the complaints ('the List'). In addition, NOYB detailed that complaints have also been brought against Google and Facebook in the US for continuing to accept these data transfers, despite them being in violation the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
Furthermore, NOYB stated that according to the GDPR, the competent data protection authorities in the respective Member States will have to examine the complaints, and may impose prohibition notices or fines.
Finally, NOYB announced that it is planning to gradually increase the pressure on EU and US companies to review their data transfer practices.