noyb's first "Advent Reading" from Facebook and DPC documents!
Today we are glad to publish our first (still very improvised) advent reading from Facebook and DPC documents. This project is in protest of the DPC removing us from a procedure over alleged violations of confidentiality. To show that we are legally able to go much further than just publishing a (problematic) draft decision, we conduct a “reading” on all four advent Sundays from new documents that we are absolutely allowed to share.
Strategy behind alleged confidentiality. Overall, the aim of our “Advent Readings” is to clarify the status of documents in GDPR procedures and end years of threats and procedural unfairness by Facebook and the DPC against normal users, but also against other DPAs. Both entities developed a strategy to suppress information that is not favourable to them in order to shape public perception, but also gain a procedural advantage. While Facebook seems to mainly try to delay and complicate procedures, the DPC is using these strategies increasingly on the European level in cooperation procedures to undermine the “watchdog” function of other DPAs. After years of not wanting to start (yet another) debate about these procedural issues, we have decided that we have reached a point where these matters must be decided, as the DPC has unlawfully removed us from a procedure.
Legal "Fan Mail". Our first advent reading features “fan mail” from Philip Lee Solicitors, Mason Hayes and Curren and “FBIRLSP” – basically all threatening legal action against noyb, even before publication. We thank them for their participation and support and even offer a price for more such fan mail at the end of the video.
Today's Documents. The first documents are part of our 101 complaints on EU-US data transfers and an “intro” to the issue of delaying procedures with debates about jurisdiction and confidentiality. The first round consist of the following PDFs:
- Request by the Austrian DPA to Facebook Ireland of 1.4.2021 to clarify that questions need to be answered and that Facebook Inc in the USA was asked, not Facebook Ireland Ltd
- Submission by Facebook of 23.4.2021 insisting that the Irish DPC should have sole jurisdiction
- Letter by the Austrian DPA of 5.11.2021 highlighting that this is in fact about Facebook Inc (not Facebook Ireland) and delivery of submission by noyb (in German)
- Submission by Facebook of 26.5.2021 saying that they do not see a recipient of data in the US fall under the GDPR and demanding that all documents are kept confidential
- Letter by the Austrian DPA of 1.6.2021 saying that submissions have to be in German, that noyb has a right to be heard, that the submissions do not seem to contain any trade secrets or alike and that Facebook should name any legal basis for their claim of confidentiality (in German)
- Submission by Facebook of 23.5.2021 on why they think the GDPR does not apply to them as a US recipient of data, but also (again) demanding that all these submissions are not shared with noyb or anyone else, other than the Irish DPC
- Letter by the Austrian DPA of 28.6.2021 where they ask (now in bold letters) what Facebook could possibly consider confidential here, giving them a deadline of only one week to respond
- Final letter by Facebook of 8.7.2021 trying to impress the Austrian DPA with Austrian case law and again explicitly demanding that noyb should not be heard
The DSB has in turn provided us with all documents and hence rejected Facebook's claim of confidentiality.
These documents do not only show how Facebook started useless debates with the Austrian DPA about the confidentiality of documents, but also how the Austrian DSB had to remind Facebook that "the language for official procedures in Austria is German". At the same time Facebook played dumb and pretended the Austrian DSB did not "get" that it should have written to Facebook Ireland Limited instead of Facebook Inc. in the United States. The Austrian DSB had to go so far as to underline that it explicitly asked Facebook USA to answer. All of this shows a larger tactic to delay and obscure procedures. The documents show how Facebook was able to delay an answer for about three months just by debating the right entity and access to documents.
The Austrian DPA has provided us with all relevant documents (and considerably more than the downloads above). They decided that these documents are not protected under the relevant provision (§ 17 Abs 3 AVG) and resisted the pressure from Facebook. Facebook’s “confidentiality” claim was fully rejected.
