From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Logo-noyb cmyk.png
FoundedJune 12, 2017 (2017-06-12)
FounderMax Schrems
Typenon-profit organization
Registration no.1354838270
Key people
Max Schrems
Petra Leupold
Christof Tschohl

NOYB – European Center for Digital Rights (styled as noyb, from "none of your business") is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general.[1][2] It was funded after a funding period during which it has raised €250,000 in annual donations by supporting members.[3] Currently NOYB is financed by more than 3,500 supporting members.[4]

While many privacy organisations focus attention on governments, NOYB puts its focus on privacy issues and privacy violations in the private sector. Under Article 80, the GDPR foresees that non-profit organizations can take action or represent users.[5] It was also recognized as a "qualified entity" to bring consumer class actions in Belgium.[6]

Notable actions[edit]

The following is a listing of the various legal cases noyb has spearheaded.

EU–US data transfers/'Schrems I' (2016)[edit]

The Irish Data Protection Commission (DPC) has filed a lawsuit against Schrems and Facebook in 2016 that is based on a complaint from 2013, which has already led to the so-called "Safe Harbor Decision". This decision the Court of Justice of the European Union (CJEU) has invalidated the Safe Harbor data transfer system. When the case was referred back to the DPC the Irish regulator found that Facebook has in fact relied on Standard Contact Clauses, not on the invalidated Safe Harbor. The DPC then found that there were "well-founded" concerns by Mr Schrems under these instruments too, but instead of taking action against Facebook, initiated proceedings against Facebook and Mr Schrems before the Irish High Court. The case was ultimately referred to the CJEU in C-311/18 (called 'Schrems II': see Max Schrems#Schrems II). NOYB supported this private case of Mr Schrems.

"Forced consent" complaints (2018)[edit]

Within hours after General Data Protection Regulation rules went into effect on 25 May 2018, NOYB filed complaints against Facebook and subsidiaries WhatsApp and Instagram, as well as Google LLC (targeting Android), for allegedly violating Article 7(4) by attempting to completely block use of their services if users decline to accept all data processing consents, in a bundled grant which also includes consents deemed unnecessary to use the service.[7][8][9][10][11] Based on the complaint, the French data protection authority CNIL has issued a €50 Mio fine against Google LLC.[12]

Apple Tracking Case (2020)[edit]

In mid November 2020, announced that complaints were filed to both the German and Spanish Data Protection Authorities,[13] [14][15] claiming "IDFA (Apple’s Identifier for Advertisers) allows Apple and all apps on the phone to track a user and combine information about online and mobile behaviour".[16] In a slight change from their previous legal strategy in other similar cases, noyb notes that, because the complaint is based on Article5(3) of the e-Privacy Directive and not GDPR, the Spanish and German authorities can directly fine Apple, without appealing to EU Data Protection Authorities under GDPR.

"EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws."

— Stefano Rossetti, privacy lawyer at

“The claims made against Apple in this complaint are factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint. Apple does not access or use the IDFA on a user’s device for any purpose. Our aim is always to protect the privacy of our users and our latest software release, iOS 14, is giving users even greater control over whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers. Our practices comply with European law and support and advance the aims of the GDPR and the e-Privacy Directive, which is to give people full control over their data.”

— Apple, in response via Financial Times[17]

Open letter on GDPR cooperation mechanism (2020)[edit]

NOYB also focuses on putting pressure on regulators to enforce privacy laws on the books. In an open letter,[18] NOYB has accused the Irish Data Protection Commission of acting too slow and having 10 meetings with Facebook before the coming into application of the GDPR.[19]

Google Advertising ID tracking (2021)[edit]

On April 7, 2021, noyb filed a complaint in France charging that Android users were being tracked by Google without giving consent.[20][21]

"Google’s software creates the AAID without the user’s knowledge or consent. The identification number functions like a license plate that uniquely identifies the phone of a user and can be shared among companies. After its creation, Google and third parties (e.g. applications providers and advertisers) can access the AAID to track users’ behaviour, elaborate consumption preferences and provide personalised advertising. Such tracking is strictly regulated by the EU “Cookie Law” (Article 5(3) of the e-Privacy Directive) and requires the users’ informed and unambiguous consent."[22]

“Imagine having coloured powder on your feet and hands that marks your every step and action: everything you touch within the mobile ecosystem. And you can’t remove it - you can only change it to a different color. This is what the Android Advertising ID is all about – a tracker that marks your every action within and beyond the mobile ecosystem.”

— Stefano Rossetti, privacy lawyer at


NOYB also started a collaborative wiki on the General Data Protection Regulation, called On the webpage they collect English summaries of local GDPR decisions by Data Protection Authorities or Courts.


  1. ^ "Austrian activist launches consumers' digital rights group". Associated Press. 28 November 2017. Archived from the original on 11 December 2017. Retrieved 10 December 2017.
  2. ^ Scally, Derek (30 November 2017). "Time to tell tech firms that private data is 'none of your business' – Max Schrems". The Irish Times. Archived from the original on 30 November 2017. Retrieved 10 December 2017.
  3. ^ Hill, Rebecca (29 November 2017). "Max Schrems launches privacy NGO, wins €60k within first 24 hours". The Register. Archived from the original on 29 November 2017. Retrieved 10 December 2017.
  4. ^ "Press release by noyb" (PDF).
  5. ^ "L_2016119EN.01000101.xml". Retrieved 8 June 2020.
  6. ^ "Moniteur Belge - Belgisch Staatsblad". Retrieved 31 October 2020.
  7. ^ "GDPR: filed four complaints over "forced consent" against Google, Instagram, WhatsApp and Facebook" (PDF). 25 May 2018. Archived (PDF) from the original on 25 May 2018. Retrieved 26 May 2018.
  8. ^ "Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR". The Verge. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
  9. ^ "Max Schrems files first cases under GDPR against Facebook and Google". The Irish Times. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
  10. ^ "Facebook, Google face first GDPR complaints over 'forced consent'". TechCrunch. Archived from the original on 26 May 2018. Retrieved 26 May 2018.
  11. ^ Meyer, David. "Google, Facebook hit with serious GDPR complaints: Others will be soon". ZDNet. Archived from the original on 28 May 2018. Retrieved 26 May 2018.
  12. ^ "The CNIL's restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC | CNIL". Retrieved 8 June 2020.
  15. ^ "Apple tracks iPhone users without consent, claims activist Max Schrems". 16 November 2020. Retrieved 16 November 2020.
  16. ^ "noyb files complaints against Apple's tracking code "IDFA"".
  17. ^ "Apple tracks iPhone users without consent, claims activist Max Schrems". 16 November 2020. Retrieved 16 November 2020.
  18. ^ "Open Letter on "confidential" dealings in Facebook case". Retrieved 8 June 2020.
  19. ^ Vinocur, Nicholas (27 December 2019). "'We have a huge problem': European regulator despairs over lack of enforcement". Politico. Archived from the original on 28 December 2019. Retrieved 29 December 2019.
  20. ^ Boland, Hannah. (7 April 2021). "Google accused of tracking Android users without their consent". The Telegraph website Retrieved 9 April 2021.
  21. ^ "Complaint filed to the Data Protection Authority of France" (PDF). Retrieved 9 April 2021.
  22. ^ "Buy a phone, get a tracker: unauthorized tracking code illegally installed on Android phones". Retrieved 9 April 2021.

External links[edit]