Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Austria’s Max Schrems: US High-tech Giants’ Worst Nightmare?

Few in America’s Silicon Valley could have predicted that a young Austrian law graduate who spent a semester studying there would one day become high-tech companies’ worst nightmare.

Few in America’s Silicon Valley could have predicted that a young Austrian law graduate who spent a semester studying there would one day become high-tech companies’ worst nightmare.

Yet that’s exactly what Max Schrems achieved on Tuesday when the European Union’s top court ruled in his favor, declaring that a key transatlantic data deal relied on by giant corporations such as Facebook was invalid in the light of widespread spying revealed by the Edward Snowden scandal.

The verdict strikes down the so-called Safe Harbour pact signed between the European Commission and the United States in 2000, allowing American companies to transfer data from the EU to the US as long as they ensured adequate levels of protection.

But for Schrems, who turns 28 this month, the agreement failed to live up to its promise in the wake of details leaked by former US National Security Agency (NSA) contractor Snowden.

According to the American whistleblower, the NSA had access to users’ data on Facebook and other US tech companies. Although the firms have denied the allegations, the scandal has nevertheless opened a can of worms and helped pave the way for Schrems’ legal victory.

“Yay!” he declared in a jubilant tweet just minutes after the European Court of Justice announced its decision.

In a later statement, the outspoken activist described the ruling as a potential “milestone” for online privacy.

“This judgement draws a clear line. It clarifies that mass surveillance violates our fundamental rights…(It) makes it clear that US businesses cannot simply aid US espionage efforts in violation of European fundamental rights,” he noted.

Advertisement. Scroll to continue reading.

– ‘Wild West’ laws –

In the lead-up to the verdict, Schrems looked relaxed, flashing his trademark grin as he leaned against a row of seats inside the court room, hands in his jeans pockets.

The PhD student from Vienna has grown accustomed to journalists’ questions since he began his fight against Facebook four years ago, after spending a semester at Santa Clara University in Silicon Valley.

Schrems said he had been startled by American companies’ lax attitude towards European privacy laws.

“The general approach in Silicon Valley is that you can do anything you want in Europe” without facing major consequences, Schrems told AFP in an earlier interview.

“We have privacy laws here in Europe but we are not enforcing (them). The core issue is: do online companies have to stick to the rules or do they live somewhere in the Wild West where they can do whatever they want to do?”

Following his return to Austria, he requested Facebook provide him with a record of the personal data it held on him.

Schrems was shocked when he received no less than 1,222 pages of information.

These included photos, messages and postings on his Facebook page dating back years — some of which he thought he had deleted — the times he had clicked “like” on an item, and “pokes” of fellow users.

“When you delete something from Facebook, all you are doing is hiding it from yourself,” he said.

Battle goes on

Believing that Facebook was contravening EU law, he filed 22 complaints with Ireland’s Data Protection Commissioner (DPC) in Dublin, where Facebook has its European headquarters.

When the DPC rejected the case on the basis of the Safe Harbour agreement, Schrems remained undeterred and took his cause all the way to the European Court of Justice.

Despite Tuesday’s win, the David-versus-Goliath battle is far from over for the Austrian who is also trying to launch a class action in Austria against Facebook for alleged privacy breaches.

He is currently appealing a decision by a Viennese judge to reject the suit in July on the basis that the court lacked jurisdiction to decide the matter.

Some 25,000 people from around the world have signed up to the action, with each plaintiff claiming a symbolic sum of 500 euros ($540) in damages.

Facebook, which denies the alleged breaches, has accused Schrems of launching the lawsuit for financial reasons rather than for his rights as a consumer — a claim laughed off by the activist’s lawyer, Wolfram Proksch: “He lives for, but not off the case.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.