On 26 November 2020, the Swedish supervisory authority Datainspektionen (“DPA”) announced that it has launched a six investigations into the transfers of personal data to third countries in response to complaints filed by the Austrian NOYB.
In August 2020, the Austrian privacy group NOYB lead by Max Schrems filed 101 complaints against companies in 30 countries for ignoring the recent CJEU ruling in case C-311/18 (“Schrems II”) and continuing transferring of personal data to the US. Six of these complaints were filed against Swedish companies Sinovum Media AB (synonymer.se), Modern Women Media Sweden AB (familieeliv.se), Coop Sverige AB (coop.se), Dagens industri AB (di.se), Tele2 Sverige AB (tele2.se) and CDON AB (cdon.fi).
According to the complaints, organisations have implemented Google’s and Facebook’s code snippets that forward personal data on each visitor to Google or Facebook.
The Swedish DPA’s review takes place within the framework of the working group set up by the European Data Protection Board (“EDPB”) in response to the 101 complaints that NOYB submitted to ensure uniform assessment and handling.