DPC "requires" noyb to take down documents from website
DPC sent "take down request" to noyb, after publishing a problematic Draft Decision stripping Facebook users of their rights under GDPR.
Yesterday night, the Irish Data Protection Commission (DPC) sent an extraordinary letter (PDF) to noyb, saying it would "require [noyb] to remove the draft decision from your website forthwith, and to desist from any further or other publication or disclosure of same". noyb refused to self-censor and limit the public's access to problematic decisions. Alternatively, noyb invited the DPC to bring legal proceedings before the relevant Court in Austria, instead of sending letters that are intended to intimidate complainants.
- "Take Down" request by the DPC of 14.10.2021 (PDF)
- Response by noyb of 15.10.2021 (PDF)
- noyb's posting on the draft decision
Austrian Law applicable. noyb represents a data subject before the Austrian Data Protection Authority (DPA) and is therefore subject to § 17 of the Austrian Administrative Procedures Act (AVG) that does not foresee any limitations regarding the use of the documents, which was confirmed by the Austrian DPA multiple times.
No "undertaking". In its letter, the DPC selectively quotes from various exchanges in which the DPC insisted that documents would be confidential. All relevant exchanges highlight that noyb does not accept this position. However, for the sake of a smooth cooperation between the DPC and the Austrian DPA, noyb has factually refrained from publishing the relevant documents during the investigation. The investigation stage is long closed by now. Contrary to the suggestions in the DPC's letter, noyb has never given any undertaking or assurance not to use these documents.
Max Schrems, Chair of noyb: "The DPC knows that there is no legal basis to demand that we withhold relevant documents from the public. Instead, they now cite letters that are partly more than two years old. If these letters are read in full, they all confirm that we have always rejected any suggestion that we cannot publish these documents.”
Problematic relationship with transparency and criticism. The DPC has has a long-standing policy to limit public engagement and transparency. It regularly relies on a broad exemption from the Irish Freedom of Information Act, demands ‘non disclosure’ agreements from parties in procedures, demanded the European Parliament to even change its procedures when hearing Helen Dixon to limit criticism and runs a tight public relations department that limits interviews of critical journalists.
Schrems: "This letter is part of a general approach by the DPC to stifle criticism. The DPC is regularly demanding various 'non disclosure' agreements from complainants and even asks journalists to get questions pre-approved. Overall the DPC wants to control every element in the public domain, which is unheard of in a democratic society.”
noyb’s position is clear. noyb's role under Article 80 GDPR is to engage with authorities and follow the development of the GDPR. This may include the publication of decisions that are of relevance to the public, if permitted by law. In fact, many European DPAs actively publish decisions themselves in an effort to be transparent and inform the public.
Schrems: “We have a very positive relationship with the authorities, also when there are different views. It is normal in a democratic society that civil society actors question the decisions of authorities at times. The DPC is the only public body that I ever came across that cannot accept such criticism and undertakes extreme efforts to silence the public debate.”
In accordance with Austrian law, the relevant documents are still available on noyb.eu