Anyone outside of the US and Canada can join the lawsuit.

An Austrian privacy activist has launched a wide-reaching class action suit against Facebook Ireland for breaching European data protection law.

Anyone outside of the US and Canada can join activist and law student Max Schrems' suit via the website fbclaim.com, since they will have signed up to Facebook's terms and conditions via the Dublin-based European subsidiary. That amounts to around 82 percent of all Facebook users. After being live for just one hour, the site has collected 100 participants.

The suit is seeking damages of €500 ($537) per user, and injunctions to be levied on the company for the following breaches:

Failing to get "effective consent" for using data
Implementing a legally invalid data use policy
Tracking users online outside of Facebook via "Like" buttons
Using big data to monitor users
Failing to make Graph Search opt-in
The unauthorized passing of user data to external apps
Its involvement in NSA's Prism program, designed to extract personal data from the public's internet use. (Schrems is pursuing a separate case on this due to be heard by the European Court of Justice.)
Schrems is levying the onslaught of charges against Facebook at the Commercial Court for Vienna after failing to convince Irish regulators to take, what he sees, as sufficient action. As Facebook Ireland chooses California law for civil disputes, remedies will be decided under US law.

Schrems' battle against the social network has been ongoing since 2010, when he requested Facebook send him all the user data it had on him. He received 1,200 pages. He went on to front the aptly named Europe versus Facebook group, which has pushed for changes to Facebook's policies and practices that will bring them in line with EU Data Protection law. So far this has led to Facebook abolishing facial recognition and deleting excess data it has on users. But Irish regulators, which only really have the power to fine the social network if it does not comply, have not pushed the rest of Schrems' claims through.

He tells Wired.co.uk: "The case was running for three years. So far there is no decision. They usually promise a decision 'next month' or 'soon', but there was no binding outcome from the complaints for three years now."

The reasons for the delay are unclear. But Schrems points out "many people in Ireland say that there is intense political and economic pressure to not enforce the law against the US tech giants there."

So how have Irish regulators, if Facebook really is breaching EU law, managed to push the issue aside?

Getting straight to the point, Schrems says Irish regulators have run the whole affair in a manner "you would expect from Russia, not from a EU member state". He tells us they are simply not processing complaints, and not providing access to the pertinent evidence. In addition Europe versus Facebook has not been privy to Facebook's own submissions to the regulator.

Anyone that has a Facebook account can sign up to the suit up until the day oral evidence is given in Vienna. And as a press release announcing the suit points out, if 10,000 of the social network's more than one billion users signed up, it would mean a €5m fee. For a company that bought Whatsapp for $19 billion, that is still not a great deal of money. But the money is not what Schrems is after.
"We are only claiming a small amount, as our primary objective is to ensure correct data protection," he says. "However, if many thousands of people participate we would reach an amount that will have a serious impact on Facebook."

So what exactly does Schrems really hope to gain from the suit? For one, he wants Facebook to provide "clear, straight-forward information and active, opt-in consent by users". "This is also the minimal standard under EU law," he adds.

Since many companies, big and small, also implement the same kind of behavior-tracking, big data approach as Facebook, Schrems also hopes it the class action will be seen as a warning sign for the whole industry -- "you can't just break the fundamental rights of others."

This is the basis for the suit's complaints about Facebook programs like Graph Search. Users were "opted-in" without having to first give consent. Given it makes information about every user easily searchable including, initially at least, their public posts, it makes sense Facebook should have sought its users personal preference. It went from offering users a setting to select who can look up their name and timeline, to totally retracting that option. Anyone particularly concerned about their information suddenly being accessible would have had to pre-empt the change by changing various other privacy settings, including limiting past posts.

Part of the reason it might have been possible for Irish regulators to resist Schrems various demands, is the vague nature of data protection terminology. For instance, the law states that data must be processed "fairly" and it should not be "excessive" in relation to the purpose for which it was collected.

Now companies across the globe already use big data to track our behavior, combining publicly available data with that which the company already has on us. Schrems simply wants "some limits" on what data the social network can use, from which sources and for what purposes.

We asked Schrems if part of the problem is the fact a large portion of the public is still unaware of just how much, and what data, is sucked in and analysed by companies everyday. He agreed, but says he's tired of that excuse being rolled out by industry.

"Facebook does a lot so that people don't get an accurate picture. I am kinda sick of the PR talk of the industry that users have to get educated -- it's the industry's job to make it clear and simple. Blaming the user is totally absurd. EU data protection law also requires consent to be 'unambiguous and informed'. You hardly find a privacy policy that is unambiguous and leaves the user with serious information."

In spite of this, the class action could provide a voice to the many internet users disillusioned with the status quo, when it comes to internet companies' perceived disregard of the European view on privacy. It might be industry's job to educate, but Facebook might also be about to find out just how many of its users are already fed up.

This story originally appeared on Wired UK.