They/Schrems have been at it for a while now. They initially tried to go through the Irish DPC (Data Protection Commissioner)[1] but that wasn't very fruitful. In 2013 they issued complaints in 3 different countries. Again no outcome[2] (see 'reactions'). Now they're at this lawsuit[3] regarding the following violations:
- Data use policy which is invalid under EU law
- The absence of effective consent to many types of data use
- Support of the NSA’s ‘PRISM’ surveillance programme
- Tracking of Internet users on external websites (e.g. through ‘Like buttons’)
- Monitoring and analysis of users through ‘big data’ systems
- Unlawful introduction of ‘Graph Search’
- Unauthorised passing on of user data to external applications