Facebook Faces Privacy Lawsuit In Ireland

Austrian privacy group is preparing for a lawsuit against Facebook after more than a year of campaigning for changes

An Austrian student group that has been campaigning to improve Facebook’s privacy controls for more than a year has said it is now preparing to sue the social network.

Europe-v-Facebook.org said its complaints to the Irish Data Protection Commissioner (DPC) have yielded some potentially significant results, for example prompting Facebook to switch off its facial recognition feature for EU users. However, to date the process has not resulted in any legally binding decision, said Max Schrems, the Austrian law student who started the Europe-v-Facebook campaign.

Binding decision

“After more than a year we have to come to a binding decision one way or another,” Schrems stated.

Schrems said he will ask the Irish data protection commissioner for a formal, legally binding decision on his 22 complaints, but expects it will be necessary to challenge the decision in court. Facebook’s Irish office is the headquarters for the company’s operations outside of the US and Canada.

“We have to assume that the authority in many cases won’t decide in favour of users but in favour of Facebook. Such a decision can be contested by us at court,” Europe-v-Facebook stated.

The group has launched a “crowd-funding” platform to take donations to fund a possible court battle, which it estimates could cost 100,000 to 300,000 euros (£80,000 to £160,000).

“If we get these things before the courts, it is very likely that it will go all the way to the European Court of Justice,” Schrems stated. “Such a case would be a landmark for the whole IT industry.”


The group has also produced a 70-page assessment of the privacy changes at Facebook to date, in response to a request by the Irish DPC. The improvements to date have been significant, but in many cases still don’t bring Facebook into compliance with European data protection law, Schrems argued.

In September, Facebook said it would voluntarily switch off its facial recognition feature for EU users, and in early November it made further changes to its privacy policies. Both moves were due to pressure brought on the company by the Irish DPC due to Schrems’ complaints.

In June of last year Schrems asked Facebook for a copy of the personal data the site held on him after having attended a lecture by a Facebook executive. The 24-year old was surprised when he received a CD that was said to contain 1,200 items of personal data, much of which he had thought deleted.

The information included a log of all his previous Facebook chats, detagged photos, the names of people he had “poked”, events he had attended, and rejected friend requests, amongst other information.

Facebook is facing a class-action lawsuit in the US, where it is accused of having publicised users’ “Likes” without their having a way to opt out. A US judge recently gave preliminary approval to a second settlement attempt which would see Facebook paying users up to $10 (£6) each out of a settlement fund of $20m.

User voting

The company on Monday opened user voting on a number of policy changes, including a proposal which would allow it to share user information with subsidiaries such as Instagram, thus allowing it to build more unified profiles of its users.

The vote is only binding if one-third of the company’s 1 billion users participate, and neither of Facebook’s previous votes attracted the requisite proportion of voters.

Do you know all about IBM, the founder of the IT industry?Take our quiz!