Schrems accuses DPC of trying to stop publication of Facebook complaint documents

Privacy campaigner Max Schrems has accused Ireland’s Data Protection Commissioner (DPC) of trying to ban him from posting material related to a long-running complaint against Facebook.

In August 2018, an Austrian citizen, with the help of Mr Schrems’ privacy lobby group Noyb, filed a complaint through Austria’s data protection regulator that Facebook was circumventing the new rules. EU data protection.

The Austrian body referred the case to the Irish DPC, which is Facebook’s main regulator in the EU. Last month, the DPC published a draft decision proposing a penalty of between 28 and 36 million euros for Facebook. He noted that before new EU data protection rules came into force in May 2018, Facebook had changed the legal basis of its relationship with its users to reflect and comply with the new EU rules. EU on data.

Request

Mr Schrems dismissed the change as a legal “trick” in which he accused the DPC of being complicit. He posted the draft decision and other correspondence with the Irish regulator on Noyb’s website, prompting the DPC to demand the documents be removed.

On Tuesday, the Austrian campaigner accused the DPC of threatening to remove him from the ongoing case unless he signs a pledge to stop publishing documents without the express consent of the Irish regulator.

“Only if we remain silent will the DPC ‘grant’ us our legal right to be heard,” Schrems said. In a series of letters from the DPC posted on Noyb’s website, the regulator describes Mr. Schrems’ actions as “unlawful and improper interference” in its investigation.

He insists that the confidentiality of draft decisions and related documents is a prerequisite for a free exchange of views or a change of position before a final decision is taken.

In a Nov. 12 letter, the DPC said its draft decisions and related information constituted “confidential information” under the Data Protection Act 2018.

He also noted that two years ago, MM. Schrems and Noyb had agreed not to release any documents related to the investigation.

The Noyb founder hit back, calling the Irish regulator’s decision “procedural coercion”. The Irish regulator has no legal jurisdiction over the Austrian plaintiff or Vienna-based Noyb, he said. According to the Austrian data regulator, Schrems added, no confidentiality clause applies to data protection procedural acts.

Procedure

Noyb stressed in a letter to the DPC that the confidentiality clause cited in the 2018 law applied to its employees and any contractors.

The DPC insists it is not trying to exclude Mr. Schrems and Noyb from the case, but is acting to ensure a fair trial for all in an ongoing case. Before a final decision, it is now in a phase where observations and objections to its draft decision can be filed by parties to the case and other European data protection regulators.

Mr Schrems suggested that, far from pursuing due process, the DPC “rather serves the interests of Facebook Ireland Ltd. and even its own interests, trying to limit transparency and public scrutiny”. The DPC said it was operating under Ireland’s Fair Procedure Act and that “parties should have access to these documents, provided only that they agree to treat them as confidential in the decision-making process”. .