Europe digital rights group sues Ireland data regulator for corruption
madartzgraphics / Pixabay
Europe digital rights group sues Ireland data regulator for corruption

The Noyb-European Center for Digital Rights has filed a corruption complaint against the Irish Data Protection Commission (DPC) for procedural blackmail in relation to its case against Facebook (now Meta) for violating the General Data Protection Regulation’s (GDPR) consent requirements.

Noyb filed the complaint on Tuesday in the Austrian Office for the Prosecution of Corruption under Section 305 of the Austrian Criminal Code. The DPC demanded Noyb sign a non-disclosure agreement (NDA) within one working day, or the regulator would refuse to hear the Noyb complainant.

Noyb argues that this NDA would benefit Facebook and the Irish DPC since the new documents indicate that other European Union (EU) regulators may find Facebook’s current consent requirements illegal. If the other regulators ultimately overturn the DPC’s draft decision in favour of Facebook, most commercial use of personal data in the EU since 2018 would be retroactively declared illegal. Facebook would suffer a legal disaster and the DPC would suffer reputational damage.

Noyb argues that the DPC has no legal basis to demand confidentiality for documents in a public proceeding concerning millions of users. It alleges that the DPC lacks jurisdiction outside Ireland, and, even if the documents were to be served directly under Irish law, there is no legal duty for parties to keep documents confidential under Irish law.

Max Schrems, the Austrian lawyer and privacy activist who founded Noyb, said:

The DPC acknowledges that it has a legal duty to hear us, but it now engaged in a form of ‘procedural coercion.’ The right to be heard was made conditional on [Nyob] signing an agreement to the benefit of the DPC and Facebook. It is nothing but an authority demanding to give up the freedom of speech in exchange for procedural rights.

The DPC told Techcrunch that confidentiality was necessary to ensure procedural fairness for all parties under the GDPR, the Irish Data Protection Act 2018 and constitutional obligations.