Read news from:
Austria
SHARE
COPY LINK

PRIVACY

Austrian Facebook slayer launches four new cases as EU tightens data privacy

As a young Austrian law student, Max Schrems took on Facebook and won, and seven years ago he was already raising the alarm over the flaw Cambridge Analytica allegedly exploited to obtain the data of millions of users for political purposes.

Published: 25 May 2018 10:07 CEST
Updated: 26 May 2018 08:09 CEST
Austrian Facebook slayer launches four new cases as EU tightens data privacy
Photo: AFP

So, as a new EU law — billed as the biggest shake-up of data privacy regulations since the birth of the web — comes into force on Friday, Schrems  might be forgiven for thinking his work is done.

Far from it. In fact, he has chosen the day to file four complaints with regulators under the new legislation against some of the tech world's biggest names. 

“One is in France against Google on Android, the other one is on Instagram in Belgium, the third one is in Hamburg against WhatsApp and the fourth one is in Austria against Facebook,” Schrems told AFP, adding that the cases were being brought by his new NGO None of Your Business.

The problem with all these sites, he said, is with the pop ups that have been appearing on them in recent weeks, asking users to agree to new terms of use. 

He says this amounts to a system of “forced consent” from users.

“All of them basically have a situation where you have to consent to the privacy policy otherwise you're not allowed to use their service.

“It's clear in the law — there are decisions by European data protection authorities and guidelines that this (practice) is prohibited,” he said.

The EU's General Data Protection Regulation (GDPR) aims to make it simpler for people to control how companies use their personal information. 

Facebook's 'apology tour'

According to Schrems, despite “a lot of legal uncertainty, mainly out of the industry lobbying that tried to water the law down”, the GDPR represents “a good start” and reflects the high importance already given to privacy in European regulations.

“The laws are pretty much the same as we had before — the big difference that we have now is that they're enforceable,” he said, pointing to the high financial penalties envisaged under GDPR, which for large companies like 
Google or Facebook could run into billions of dollars.

When the Cambridge Analytica scandal broke, Schrems pointed out that the controversial data harvesting methods used by the company were at the heart of the case he brought against Facebook back in 2011.

And Facebook's claims that it had been betrayed were “laughable”, he said.

So what does he make of Mark Zuckerberg's recent appearances before Congress in Washington and, this week, before the European Parliament?

“It's probably the 51st 'we are so sorry for what we did' tour,” he said with a wry smile.

The fact that Zuckerberg is now facing the music personally, rather than sending spokespeople, is probably a positive sign that pressure is rising on the company, he said.

But nevertheless, he is clear that bringing the giants of the tech world to heel will be a long process.

“It will probably take 20 years until they don't have to argue… because they're finally complying with stuff, but it is a first step, I guess.”

PRIVACY

How Austrian privacy activists are taking on tech giant Google

Austrian online privacy activist Max Schrems has taken on a new battle: taking Google to task for the "illegal" tracking code on its Android mobile phones.

Published: 21 April 2021 08:11 CEST
How Austrian privacy activists are taking on tech giant Google
Google headquarters in the rain. Photo: TOLGA AKMEN / AFP

The action against Google is the latest in what Schrems, 33, describes as “David versus Goliath” struggles against the internet’s giants.

Leading a team of seasoned lawyers at his privacy campaign group NOYB (None Of Your Business), the relaxed and affable Schrems tells AFP he is motivated simply by the fact that companies that dominate the internet “make profits from violating the laws”.

READ MORE: Eight weird and wonderful Austrian place names

NOYB was set up in 2018, at the same time as the European Union implemented its landmark General Data Protection Regulation (GDPR), legislation aimed at making it simpler for people to control how companies use their personal information.

The handful of employees at NOYB are currently pursuing no fewer than 150 complaints in various jurisdictions.

“Ideally we should not exist,” says Schrems, pointing to publicly funded watchdogs that ought to be keeping companies in line.

“The problem is that in many member states that is not properly done,” he adds. He cites the example of Ireland, where numerous multinationals have their European headquarters.

That means around 4,000 complaints are filed with the Irish authorities every year but according to Schrems “this year they plan to have six to seven decisions.”

That means that “99.9 percent of the cases… are simply taken and thrown in the trash can”.

“That is a fundamental problem we have in Europe, we are very good at passing laws and praising ourselves about… how great we are at human rights, but we are actually not very good at enforcing it,” he says.

‘Wilful’ rule-breaking 

The latest complaint against Google has been filed with the CNIL, France’s data protection authority.

At the same time, NOYB has an active complaint against Apple over a similar tracking code issue, despite Apple’s stated intention to update its operating system later this year to force app developers to ask users’ permission before tracking their activities across other companies’ apps and websites.

A decade after Schrems tackled his first cases, his outrage at the opaque workings of internet giants has not dimmed, in particular at what he terms “wilful” rule-breaking.

“If no one follows the rule and gets away with it, then why even bother having a democratic process in the first place?” he asks.

He laments the tendency for groups such as the internet’s “Big Four” — Google, Facebook, Amazon and Apple — to engage in “responsibility shifting” to users by introducing new and often bewildering layers of privacy settings.

For example, “Facebook regularly puts out a hundred more buttons with options and then they present it as more privacy for the user, whereas in reality no one in the world is going to click on these buttons,” he says. 

‘Anti-Zuckerberg’? 

In the context of a debate that has sprung up in relation to coronavirus contact tracing apps, Schrems said he was surprised at the widespread concern over the apps’ privacy implications — despite many of them being well designed in this respect.

“It is a bit strange to think that people trust Google with all their data, but they wouldn’t trust their health ministry,” he says.

Alongside his current legal battles, Schrems is also keeping an eye on talks between the EU and the United States on the thorny matter of data transfers.

He has won two of his most famous legal victories in relation to that issue: in 2020 one of his complaints led the EU’s top court to strike down an online data arrangement known as “Privacy Shield” between Europe and the US.

In 2015, another case brought by Schrems scuppered a previous EU-US deal on which tech giants depended to do business.

What are the chances of a replacement deal that won’t meet a similar fate?

Schrems expects “a half-half solution” that will lead to “Schrems 3,4,5” being thrashed out in the courts, adding: “It’s kind of weird to have your name on a case.”

He strikes a modest tone when reflecting on the way he has become something of a poster boy for online privacy, the “anti-Zuckerberg”.

“You need a David versus Goliath and so on, so I accepted to be that David for the sake of having stories on it,” he says.

In the same way that “you need a Greta Thunberg to have a face on climate change because it’s a very abstract debate… I may sometimes be the face of that privacy debate,” he says.

SHOW COMMENTS