|Founded||June 12, 2017|
NOYB – European Center for Digital Rights (styled as noyb, from "none of your business") is a non-profit organization based in Vienna, Austria established in 2017. Despite being based in Vienna, the focus of NOYB is pan-European. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general. It was funded after a funding period during which it has raised €250,000 in annual donations by supporting members. Currently NOYB is financed by more than 3,500 supporting members.
While many privacy organisations focus attention on governments, NOYB puts its focus on privacy issues and privacy violations in the private sector. Under Article 80, the GDPR foresees that non-profit organizations can take action or represent users. It was also recognized as a "qualified entity" to bring consumer class actions in Belgium.
NOYB works on different legal actions against tech companies that allegedly violated the GDPR, they include:
EU–US data transfers (Schrems II)
The Irish Data Protection Commission (DPC) has filed a lawsuit against him and Facebook in 2016 that is based on a complaint from 2013, which has already led to the so-called "Safe Harbor Decision". This decision the Court of Justice of the European Union (CJEU) has invalidated the Safe Harbor data transfer system. When the case was referred back to the DPC the Irish regulator found that Facebook has in fact relied on Standard Contact Clauses, not on the invalidated Safe Harbor. The DPC then found that there were "well-founded" concerns by Mr Schrems under these instruments too, but instead of taking action against Facebook, initiated proceedings against Facebook and Mr Schrems before the Irish High Court. The case was ultimately referred to the CJEU in C-311/18 (called 'Schrems II'). NOYB supported this private case of Mr Schrems.
"Forced consent" complaints (2018)
Within hours after General Data Protection Regulation rules went into effect on 25 May 2018, NOYB filed complaints against Facebook and subsidiaries WhatsApp and Instagram, as well as Google LLC (targeting Android), for allegedly violating Article 7(4) by attempting to completely block use of their services if users decline to accept all data processing consents, in a bundled grant which also includes consents deemed unnecessary to use the service. Based on the complaint, the French data protection authority CNIL has issued a €50 Mio fine against Google LLC.
Open letter on GDPR cooperation mechanism (2020)
NOYB also focuses on putting pressure on regulators to enforce privacy laws on the books. In an open letter, NOYB has accused the Irish Data Protection Commission of acting too slow and having 10 meetings with Facebook before the coming into application of the GDPR.
NOYB also started a collaborative wiki on the General Data Protection Regulation, called GDPRhub.eu. On the webpage they collect English summaries of local GDPR decisions by Data Protection Authorities or Courts.
- "Austrian activist launches consumers' digital rights group". Associated Press. November 28, 2017. Archived from the original on December 11, 2017. Retrieved December 10, 2017.
- Scally, Derek (November 30, 2017). "Time to tell tech firms that private data is 'none of your business' – Max Schrems". The Irish Times. Archived from the original on November 30, 2017. Retrieved December 10, 2017.
- Hill, Rebecca (November 29, 2017). "Max Schrems launches privacy NGO, wins €60k within first 24 hours". The Register. Archived from the original on November 29, 2017. Retrieved December 10, 2017.
- "Press release by noyb" (PDF). noyb.eu.
- "L_2016119EN.01000101.xml". eur-lex.europa.eu. Retrieved 2020-06-08.
- "Moniteur Belge - Belgisch Staatsblad". www.ejustice.just.fgov.be. Retrieved 2020-10-31.
- "GDPR: noyb.eu filed four complaints over "forced consent" against Google, Instagram, WhatsApp and Facebook" (PDF). NOYB.eu. 25 May 2018. Archived (PDF) from the original on 25 May 2018. Retrieved 26 May 2018.
- "Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR". The Verge. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
- "Max Schrems files first cases under GDPR against Facebook and Google". The Irish Times. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
- "Facebook, Google face first GDPR complaints over 'forced consent'". TechCrunch. Archived from the original on 26 May 2018. Retrieved 26 May 2018.
- Meyer, David. "Google, Facebook hit with serious GDPR complaints: Others will be soon". ZDNet. Archived from the original on 28 May 2018. Retrieved 26 May 2018.
- "The CNIL's restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC | CNIL". www.cnil.fr. Retrieved 2020-06-08.
- "Open Letter on "confidential" dealings in Facebook case". noyb.eu. Retrieved 2020-06-08.
- Vinocur, Nicholas (2019-12-27). "'We have a huge problem': European regulator despairs over lack of enforcement". Politico. Archived from the original on 2019-12-28. Retrieved 2019-12-29.