Court: ‘Irish DPA must investigate Noyb complaint’

The General Court has ruled that the Data Protection Commission (DPC), the data protection authority (DPA) from Ireland, must launch an investigation into a complaint that was filed by Noyb years ago.
In May 2018, when the General Data Protection Regulation (GDPR) went into effect, Noyb filed a complaint with privacy regulators in Austria, Belgium and Germany against Meta.
The Austrian privacy advocacy group claimed that the American tech company links the processing of data for its services and that for delivering personalized ads. Therefore, users not only consent to the processing of their personal data, but also directly agree to the processing of their user data in order to offer personalized ads.
This is a violation of the GDPR, Noyb argued.
Since Meta’s headquarters is located in Ireland, the complaint was handed over to the DPC. The privacy regulator launched an inquiry into the matter and concluded that the complainants couldn’t convince the supervisor that Meta needed user consent to process their information in order to display personalized ads.
Other privacy regulators in the EU objected to this argument. The case was referred to the European Data Protection Board (EDPB), an independent body whose purpose is to ensure the GDPR is interpreted and implemented consistently in all EU member states.
In December 2022, the EDPB ordered the DPC to conduct further investigation into the matter. Among other things, the Irish DPA had to consider whether the processed data contained any special categories of personal data, including religion, political beliefs and ancestry. These kinds of data are subjected to stricter rules.
However, the DPC found that the EDPB does not have the authority to issue such instructions and took the matter to court in 2023.
On Wednesday, the General Court ruled in favor of the EDPB. According to the judges, the Irish DPA acted unlawfully when it refused to open an investigation into Noyb’s complaint. In addition, the General Court has dismissed the DPC’s claims, meaning that the privacy regulator from Ireland has to conduct an investigation into Meta.
Max Schrems, Chairman of Noyb, is happy with the General Court’s ruling. At the same time, he’s sad because the complaint has to be dealt with all over again, which could take years.
“This case already has been going on for more than six years, with the DPC refusing to take action, which benefits US Big Tech. We are happy about the Court’s decision to dismiss the DPC’s claims, but it also means that the case starts again from square one. Any final decision will take years before the DPC and before the Irish courts. The DPC is a master of grotesque sidesteps and loops in procedures, with the consequence that US Big Tech is never receiving a penalty,” he says in a statement.
Your email address will not be published. Required fields are marked