A class action suit against Facebook is moving ahead after a court in Vienna decided the company must respond to the privacy complaints against it.
At the start of August, a group of users led by privacy activist and lawyer Max Schrems filed suit against Facebook's Irish subsidiary in a court in the Austrian capital, alleging multiple violations of privacy law.
Among the complaints are that Facebook's data use policy violates EU law; that data can be reused by the company without a users' effective consent; and the unauthorised passing on of data to third-party applications.
There are more than 25,00 individuals now listed on the class action and tens of thousands more have registered to be added if the claim is expanded. The group, known as Europe-v-Facebook, is demanding €500 per individual in damages.
On Thursday, the Vienna Regional Court ruled that Facebook has four weeks to address the complaints, though it can apply for an extension of a further four weeks. If it doesn't make any response to the suit, the judge can rule without it.
"The main point is that the major internet companies do not respect our fundamental rights to privacy and data protection. Facebook is only one example of many, but one has to start somewhere," the group says on its website.
It's already taken on Facebook in the Irish courts, where a similar case is still ongoing
"In the beginning, we made great progress in Ireland. As a result of our complaints, Facebook had to delete data and deactivate its facial recognition all over the world. However, over time it became clear that the Irish authorities had no interest in enforcing substantial changes. The proceedings will soon reach the end of their third year and we are still being promised a decision 'in the near future'," Schrems said.
In 2011, work by the campaign group led to a privacy audit of Facebook by the Irish data protection commissioner. The company had to make numerous privacy improvements as a result, including making privacy policies simpler, giving users more information about how personal data is used, flagging facial recognition to users, and limiting the amount of time it can keep ad-click data to two years.
Facebook had not responded to a request for comment at the time of publication.
Read more on Facebook