DPC asks NOYB to remove draft decision on Facebook from website

Ireland’s Data Protection Commission (DPC) has written to Max Schrems’s NOYB organisation asking it to remove a draft decision that it had published on its website.

The commission was investigating a complaint by NOYB that Facebook has “bypassed the GDPR” by changing terms and conditions for users so that it no longer needs consent to process personal data. It is alleged it has done this by relabelling agreements on data use as a “contract”.

Max Schrems, founder of NOYB. Photograph: Joe Klamar/AFP/Getty

The draft decision from the DPC proposed a penalty of between €28 million and €36 million for Facebook. It has been sent to fellow European data protection agencies and they have a month to respond to its findings.

In the letter to Mr Schrems’s organisation, the DPC said the inquiry materials needed to be treated as confidential to preserve the integrity of the process, and publication of the draft decision was a “flagrant breach” of the binding commitment the organisation had made to respect the confidentiality of the process.


Mr Schrems criticised the DPC, claiming the letter was part of a general approach by the commission to stifle criticism and “silence debate”.

Legal basis

In a statement, Mr Schrems said the NOYB group had always refused suggestions that the documents could not be published.

“The DPC knows that there is no legal basis to demand that we withhold relevant documents from the public. Instead, they now cite letters that are partly more than two years old. If these letters are read in full, they all confirm that we have always refused any suggestion that we cannot publish these documents,” he said.

A spokesman for the DPC said the commission was unable to comment as the process was still ongoing. “We have sent the draft decision to the other concerned supervisory authorities under Article 60 of the GDPR,” he said.

In the letter sent to NOYB, the DPC refuted claims that the confidentiality “required by this office” had no legal basis, and said such assertions had “at all material times been rejected by this office”.

“The deliberate and calculated breach by you of your voluntary undertaking represents an unlawful and entirely improper interference in the GDPR-mandated processes by which the draft decision delivered by the DPC in respect of your complaint is being examined and considered by the CSAs [concerned supervisory authorities],” the letter said.

