The background is a lawsuit by Austrian data protection activist Maximilian Schrems that the processing of his personal data by Meta Platforms Ireland violates the General Data Protection Regulation.
- Also read: ECJ: Police are allowed to access personal cell phone data
In the past, Schrems had achieved two successes before the ECJ in his disputes with Facebook, which concerned data exchange between the USA and the European Union. The Austrian Supreme Court (OGH) had now submitted a series of questions to the ECJ regarding the conditions under which the processing of personal data, including sensitive data, is permitted under the General Data Protection Regulation (GDPR).
Data minimization?
There were two main questions: Can all personal data be processed without time restrictions or does the principle of “data minimization” apply here? Under what conditions is Facebook allowed to use published sensitive data for advertising?
First, the Court replies that it would be contrary to the principle of “data minimization” set out in the GDPR for all personal data received by a controller such as the operator of an online platform, collected both on and off that platform, to be unlimited in time and collected and processed for targeted advertising purposes without distinction according to their type.
“}”>
Image: (REUTERS)
Source: Nachrichten