The Austrian Supreme Court gave Meta a 14-days deadline, ending on December 31, to give back users access to all their data and to suspend all personalized advertising that breach laws on big data and privacy.
After an 11-year legal battle. the Austrian Supreme Court’s (OGH) decision was led by privacy activist Max Schrems to strikes at the heart of Meta’s practices that breach big data privacy.
The judges rejected Meta’s claims of trade secrets and ordered full transparency under Article 15 General Data Protection Regulation (GDPR). The court also ruled that tracking users for advertising without explicit consent is illegal.
Meta’s hour of judgement comes with pressure from the US over its handling of sensitive data management and collection.
Sensitive Data Exposure Without Limitations
Under the GDPR’s Article 15, the court ruled Meta must provide Schrems with a complete copy of all big data and privacy policies concerning the giant’s handling of users’ sensitive data the sources, recipients and the purpose behind each piece of info that was used within 14 days.
Meta had previously limited access to what it described as “relevant” sensitivity of data via a download tool.
“It took 11 years, but now there is a final ruling that Meta must provide unprecedented access to all data it has ever collected about Mr Schrems. This goes far beyond the download tool or information on the website,” said the lawyer representing Schrems, Katharina Raabe-Stuppning.
“For more than a decade, Meta has resisted to grant full transparency on what data it processes on European users. The ruling is directly enforceable throughout the EU,” the lawyer added.
According to the court’s filing, Meta had no legal basis to process Schrems’ data privacy governance for personalized advertising, echoing earlier findings by the European Union (EU) Court of Justice.
“The Austrian Supreme Court – again – made clear that Meta needs opt-in consent to track people and use their data for advertisement,” Raabe-Stuppning said.
The judges dismissed Meta’s argument ofsensitive data exposure that it does not intentionally collect big data and privacy sensitive data.
The court also ruled that any information revealing political views, sexual orientation or health must be treated separately, unless a valid legal basis under Article 9 GDPR applies.
From Europe to California, Personal Data and Sensitive Data
The Austrian court’s ruling on Meta handling of big data and privacy is accompanied by other legal challenges for Facebook parent.
In August, a California jury found that Meta violated the state’s Invasion of Privacy Act by “intentionally” recording sensitive health information from millions of women through the Flo menstrual tracking app.
Jurors ruled that users reasonably expected their health data would not be shared, and that Meta lacked consent.
The Invasion of Privacy Act dictates that no person or company may intentionally record, intercept, or eavesdrop on confidential communications without the consent of all parties involved, making unauthorized data collection and surveillance a violation of the law.
“We vigorously disagree with this outcome and are exploring all legal options. The plaintiffs’ claims against Meta are simply false,” a spokesperson told TechCrunch, adding that the company does not want health or other sensitive information.
“Platforms like Facebook or Instagram have huge influence, for example via pushing political views on users,” Max Schrems welcomed the Austrian ruling of big data privacy protectionas long overdue, adding “it was always absurd for Meta to claim that it does not process such data and must not comply with the law.”
The court awarded Schrems $545 (€500) in damages – a modest sum that could have wide consequences for future data privacy controls.
“It seems realistic for data subjects to at least claim € 500 in non-material damages for the extensive violations of the GDPR that Meta engaged in,” Raabe-Stuppning said, calling it a potential benchmark for future cases.
After 11 years, three Supreme Court rulings and two EU court sensitive data interventions, the message when it comes to data privacy controls is unmistakable, transparency is no longer optional. And for Big Tech, the cost of resisting big data and privacy may finally be higher than compliance itself.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.