Europe v. Facebook? Reflections on the Future of Privacy Rights Enforcement in the EU
By Christian Hammerl*
For decades, European Union (EU) regulators have challenged Silicon Valley companies on issues ranging from alleged antitrust violations to, more recently, their data management practices. This article explores one of the newest areas of exposure facing U.S. businesses in Europeâconsumer privacy litigation. Increasingly, U.S. businesses find themselves before European courts defending actions brought by European plaintiffs under circumstances resembling U.S. consumer litigation.1By taking a closer look at one of those proceedings and its lead plaintiff, Max Schrems, this article provides a deeper understanding of the mindset of European consumers. Understanding the unique challenges presented by this environment should assist California businesses holding and processing personal data of European consumers, and their counsel, devise strategies for reducing the likelihood of being brought into a European court for seemingly trivial transgressions.
The latest episode of the case highlighted in this article, the dispute between Facebook and Max Schrems, is currently playing out in the courts of Austria. Following a dismissal on jurisdictional grounds after a hearing on April 9, 2015, the case currently is on appeal in Vienna, Austria, before the local equivalent of a U.S. circuit court. Regardless of the outcome, the case is instructive beyond the immediate issues dealt with by the court. At a minimum, it serves as an example of the inefficiencies of both private party litigation and regulatory enforcement as tools for resolving disputes involving privacy rights violation claims in the current EU/Austrian legal framework. As demonstrated by a review of the draft of the General Data Protection Regulation of 2012,2 which is the European Commission’s proposed comprehensive reform of EU data protection rules, if this regulation is enacted by the EU as currently drafted, some of those inefficiencies likely will persist. Thus, the most likely source of relief could be in Facebook’s home jurisdiction, California, if an increase in consumer demand for privacy protection leads to state legislation, which in turn could influence federal and EU laws and regulations.