noyb got operational on May 25th 2018. We are currently starting with the first projects, of which many are researching enforcement options. Below you can find a list of projects we are currently working on. Some are work in progress, so we cannot tell the public too much about them – yet…
Current Enforcement Projects
Forced Consent (DPAs in Austria, Belgium, France, Germany and Ireland)
noyb filed four complaints over “forced consent” against Google, Instagram, WhatsApp and Facebook. Opposite to the rules under GDPR these companies have forced customers to agree to new privacy policies on a “take it or leave it” basis. The complaints were filed with DPAs in Austria, Belgium, France and Germany only hours after GDPR came into force. The cases from Austria, Belgium and Germany were sent to the Irish DPA under the new consistency mechanism. All DPAs have indicated that the cases should be dealth with by the European Data Protection Board (EDPB). More on this case soon…
EU-US Data Transfers (Court of Justice of the European Union)
noyb supports the pending case on EU-US data transfers under Standard Contractual Clauses and/or Privacy Shield (C-311/18). More on this case soon…
Right to Access (Austrian Federal Administrative Court)
noyb represents a customer of an Austrian bank, who wanted access to his bank account details – but was denied access. The Austrian DPA has decided in favor of the customer, but the bank appealed to the Federal Administrative Court (BVwG). noyb mad submissions on behalf of the customer under Art 80 GDPR.
Ambigous Consent (details not public)
After filing a first round of complaints on “forced consent” we are currently preparing complaints on “ambiguous consent” (e.g. “opt-out” or consent by “using a service” and alike). As soon as we are ready to file these cases, we will be able to share the details here.
Legitimate Interest (details not public)
noyb is currently researching the exact meaning for Art 6(1)(f) GDPR, which allows processing for “legitimate interests”. As soon as we finalized our research, we should be able to turn this research into enforcement actions.
Access Requests / Policy Review (details not public)
Together with a partner, noyb works on a review of privacy policies and also filed access requests in a specific industry sector. The project will roughly last until the end of 2018. As soon as we finalized our final report, we will be able to publish all details.
Current Research Projects
National Administrative Procedure
noyb is currently reviewing the national administrative procedures before DPAs, as they are often fundamentally different (e.g. access to documents, right to apply for certain actions by the DPAs). It is crucial for strategic litigation to ensure that we have a full overview of national procedural options.
National Implementation of GDPR
Current Outreach Projects
National Data Protection Organizations
noyb is currently reaching out to all other NGOs in the privacy area and specific players in the consumer rights and hacker sphere to better coordinate and collaborate.