noyb became operational on May 25th 2018. We are currently starting with the first projects, many of which are exploring enforcement options. Below you can find a list of projects we are currently working on. Some are work in progress and, as such, details need to remain confidential for the time being.

Current Enforcement Projects

Forced Consent (DPAs in Austria, Belgium, France, Germany and Ireland)

noyb filed four complaints over “forced consent” against Google, Instagram, WhatsApp and Facebook. Opposite to the rules under GDPR these companies have forced customers to agree to new privacy policies on a “take it or leave it” basis. The complaints were filed with DPAs in Austria, Belgium, France and Germany only hours after GDPR came into force. The cases from Austria, Belgium and Germany were sent to the Irish DPA under the new consistency mechanism. More on this case soon…

EU-US Data Transfers (Court of Justice of the European Union)

noyb supports the pending case on EU-US data transfers under Standard Contractual Clauses and/or Privacy Shield (C-311/18). More on this case soon…

Right to Access (Austrian Federal Administrative Court)

noyb represents a customer of an Austrian bank, who wanted access to his bank account details – but was denied access. The Austrian DPA has decided in favor of the customer, but the bank appealed to the Federal Administrative Court (BVwG). noyb made submissions on behalf of the customer under Art 80 GDPR.

Ambigous Consent (details not public)

After filing a first round of complaints on “forced consent” we are currently preparing complaints on “ambiguous consent” (e.g. “opt-out” or consent by “using a service” and alike). As soon as we are ready to file these cases, we will be able to share the details here.

Legitimate Interest (details not public)

noyb is currently researching the exact meaning for Art 6(1)(f) GDPR, which allows processing for “legitimate interests”. As soon as we finalized our research, we should be able to turn this research into enforcement actions.

Access Requests / Policy Review (details not public)

Together with a partner, noyb works on a review of privacy policies and also filed access requests in a specific industry sector. The project will roughly last until the end of 2018. As soon as we finalized our final report, we will be able to publish all details.

Current Research Projects

National Administrative Procedure

noyb is currently reviewing the national administrative procedures before DPAs, as they are often fundamentally different (e.g. access to documents, right to apply for certain actions by the DPAs). It is crucial for strategic litigation to ensure that we have a full overview of national procedural options.

National Implementation of GDPR
noyb is currently mapping and reviewing the national implementation laws on GDPR.

Current Outreach Projects

National Data Protection Organizations

noyb is currently reaching out to all other NGOs in the privacy area and specific players in the consumer rights and hacker sphere to better coordinate and collaborate.