NOYB – European Center for Digital Rights (styled as noyb, from "none of your business") is a non-profit organization based in Vienna, Austria established in 2017. Despite being based in Vienna, the focus of NOYB is pan-European. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general. It was funded after a funding period during which it has raised €250,000 in annual donations by supporting members.Currently NOYB is financed by more than 3,500 supporting members.
While many privacy organisations focus attention on governments, NOYB puts its focus on privacy issues and privacy violations in the private sector. Under Article 80, the GDPR foresees that non-profit organizations can take action or represent users. It was also recognized as a "qualified entity" to bring consumer class actions in Belgium.
NOYB works on different legal actions against tech companies that allegedly violated the GDPR, they include:
EU-US data transfers (Schrems II)
The Irish Data Protection Commission (DPC) has filed a lawsuit against him and Facebook in 2016 that is based on a complaint from 2013, which has already led to the so-called "Safe Harbor Decision". This decision the Court of Justice of the European Union (CJEU) has invalidated the Safe Harbor data transfer system. When the case was referred back to the DPC the Irish regulator found that Facebook has in fact relied on Standard Contact Clauses, not on the invalidated Safe Harbor. The DPC then found that there were "well-founded" concerns by Mr Schrems under these instruments too, but instead of taking action against Facebook, initiated proceedings against Facebook and Mr Schrems before the Irish High Court. The case was ultimately referred to the CJEU in C-311/18 (called 'Schrems II'). NOYB supported this private case of Mr Schrems.
"Forced Consent" Complaints (2018)
Within hours after General Data Protection Regulation rules went into effect on 25 May 2018, NOYB filed complaints against Facebook and subsidiaries WhatsApp and Instagram, as well as Google LLC (targeting Android), for allegedly violating Article 7(4) by attempting to completely block use of their services if users decline to accept all data processing consents, in a bundled grant which also includes consents deemed unnecessary to use the service. Based on the complaint, the French data protection authority CNIL has issued a €50 Mio fine against Google LLC.
Open Letter on GDPR cooperation mechanism (2020)
NOYB also focuses on putting pressure on regulators to enforce privacy laws on the books. In an open letter, NOYB has accused the Irish Data Protection Commission of acting too slow and having 10 meetings with Facebook before the coming into application of the GDPR.
NOYB also started a collaborative Wiki on the General Data Protection Regulation, called GDPRhub.eu. On the webpage they collect English summaries of local GDPR decisions by Data Protection Authorities or Courts.