© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

Noyb is taking Swedish DPA to court for non-compliance of GDPR


The Austrian privacy organization Noyb is suing the Swedish data protection authority IMY for refusing to properly handle complaints from its citizens.

According to Noyb, Integritetsskyddsmyndigheten (IMY) regularly receives complaints of companies that unlawfully collect and process personal data. Instead of examining the accusations, the regulator simply forwards them and closes cases without checking whether the violation has stopped or not.

According to the General Data Protection Regulation (GDPR), a data protection authority (DPA) has to enforce the fundamental right to data protection and remedy the situation. Instead, IMY neglects its obligations.

“Six years after the introduction of the GDPR, we continue to see authorities acting as if they can pick and choose whether citizens have their rights enforced. EU law requires every complaint to be investigated and every GDPR violation to be remedied. The IMY seems to forget that it’s an enforcement authority,” chairman Max Schrems says.

In November 2023, the Supreme Administrative Court of Sweden ruled that people have the right to complain if they see a company violating EU privacy laws. The DPA then has the obligation to investigate the matter and see to it the transgression stops. The European Court of Justice has several cases in which it states that every DPA must handle a complaint with due diligence.

Even after the ruling, IMY doesn’t investigate the complaints, but simply forwards them to the company that processes personal data illegally and closes the case.

“The EU Court of Justice has clearly stated that every national DPA must fully investigate complaints and take the necessary steps to stop the violation. There is no reason why people in Sweden should not have the same rights as everyone else in the EU,” Schrems says.

To force IMY to properly deal with complaints as intended by the GDPR, Noyb is taking the Swedish regulator to court. The first instance court has agreed with IMY’s approach. Therefore, Noyb has filed an appeal with the second instance court. If necessary, the Austrian privacy organization will take the case back to the European Court of Justice.

Schrems is convinced the supervisor will do its job as described in the GDPR and act accordingly.


Leave a Reply

Your email address will not be published. Required fields are marked