Abstract
With the Cambridge Analytica/Facebook scandal, online surveillance clearly showed its negative effects. However, few individuals were able to recover any damages from the data protection violation that occurred. The EU General Data Protection Regulation contains legal tools to coordinate the interests of data subjects together in the case of infringements that occur across member states of the European Union, not only at the national level (Article 80), but potentially at the transnational level, as implied by Article 81. However, only a reform addressing the rules applicable to the standing of associations and non-governmental organisations in transnational claims as well as those concerning jurisdiction and international lis pendens would allow EU citizens to take full advantage of this opportunity.
Highlights
The Cambridge Analytica/Facebook scandal revealed the level of surveillance we may be subject to during the time we spend online
The CA/FB case was shocking for two main reasons: first, because the collection of data was concealed within a quiz app able to access information in the profiles and about the ‘friends’ of the people that took the quiz; and second, and most importantly, because Facebook CEO Mark Zuckerberg did not decide to notify the competent authorities of the unlawful data processing immediately, even though he was aware that the data gathered were subsequently sold to Cambridge Analytica
In the event that the member state provides for an opt-out collective action, where an association or an NGO is authorised to act on behalf of the data subjects without any individual mandate, which effects will the decision of the judicial authority have vis-à-vis the data subjects that did not take part in the action? According to Article 80 General Data Protection Regulation (GDPR), member states are free to include this procedure, but the article is silent on the third party effects of the decision
Summary
The Cambridge Analytica/Facebook (hereinafter CA/FB) scandal revealed the level of surveillance we may be subject to during the time we spend online. There are several open issues regarding better solutions to implement this provision at the national level, it is interesting to note that an element that is crucial in the online environment is the possibility of coordinating actions across different EU member states when violations occur in several countries as a result of the conduct This element is addressed in Article 81 GDPR, which provides a special rule on lis pendens in cases where the same data controller or processor is party to different proceedings in different EU member states, or the proceedings concern the same subject. 3 Article 81(2) GDPR provides that “where proceedings concerning the same subject matter as regards processing of the same controller or processor are pending in a court in another Member State, any competent court other than the court first seized may suspend its proceedings” This provision paves the way for transnational collective actions, which in principle may achieve positive results for both parties:.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
