Privacy activist Max Schrems is at it again. Early morning on May 25, 2018, Mr. Schrems’ group – NOYB.eu (none of your business), filed complaints in four EU member countries claiming that the purported GDPR consents now obtained by Facebook and Google are impermissible “forced consents” given they provide nothing more than a take it or leave it proposition for users. Facebook previously launched a campaign claiming that it was fully on board with GDPR despite the risks entailed in these “pop up consents”.
Max Schrems should not be underestimated – he single-handedly forced a replacement to the former EU Safe Harbor regime. The Safe Harbor regime previously governed data transfers between the US and EU but was invalidated on October 6, 2015 in a case brought by Mr. Schrems in the EU Court of Justice.
Mr. Schrems’ most recent actions go at the heart of the current online advertising duopoly and his actions against Facebook and Google should be taken seriously by them given Schrems’ prior successes and the fact he may very well be correct in his assessment of GDPR – a privacy regime that is purposefully ambiguous in the area of consent.