Max Schrems – the same Max Schrems that battled Facebook and won and the same Max Schrems that got the Court of Justice of the European Union to strike down Safe Harbor – that Max Schrems – has a new mission.
The General Data Protection Regulation, the new privacy law that takes effect in the European Union next May, allows for “Group Actions” – kind of, sort of, like class actions. Max’s new organization – NOYB for None of Your Business, plans to take on companies that are not following the GDPR law and make their life miserable. Ask Facebook. He is very tenacious.
His plan is to raise a half million Euros between now and May and then go on the attack.
GDPR allows for people to sue, but it is complicated and expensive. What if an NGO existed solely for the purpose of collecting these people, aggregating their claims and going after the offenders? It now exists and it is called NOYB.
Schrems has been pretty successful in the past, so I would not under estimate him.
If I were a company operating in the EU, I would definitely keep Schrems and NOYB on my radar screen.
In the mean time I would be working very hard to be in compliance with the regulations.
May 2018 is only 6 months away and the requirements of the GDPR may mean that you have to change data collection, data processing, data storage and data transmission practices as well as hiring a data protection officer. Those are only some things that are required.
Stay tuned. If history is any indication, Max could be trouble.
Information for this post came from the IAPP.