Max Schrems: The privacy bubble needs to start 'getting sh*t done'

Austrian activist on funding his privacy NGO and retiring from the front line

By Rebecca Hill

Posted in Policy, 10th January 2018 10:33 GMT

Interview "The problem we have in the privacy bubble is that we're great at saying how evil and bad everything is... but we're not that great at getting shit done."

Max Schrems, the privacy activist known for reducing the Safe Harbor data-sharing deal to tatters, is making one final attempt to spur the community he's been at the heart of for almost a decade into action.

After years locked in numerous long, drawn-out and often bitter legal battles, Schrems decided to launch a nonprofit aiming to help people bring their own consumer privacy cases to court.

I don't want to keep bringing cases for the rest of my life

The plan is for NOYB (None Of Your Business) to take advantage of the incoming European Union General Data Protection Regulation, which offers more options for collective redress across the bloc, and harness the momentum Schrems has built up with various high-profile court cases.

"We've got the rights on paper... now we need to collectively enforce them. As an individual consumer, you usually can't sue a company – that's what's missing here," he told The Register.

Schrems describes this as a "rare window of opportunity" – but it's also clear the Austrian lawyer is tiring of being, as he puts it, "that Facebook guy".

"I'm 30 now, and so the idea was to build something that's more stable, more sustainable, and isn't dependent on an individual," he said.

"I know I'm going to be deeply engaged, especially at the beginning, but in the long run it should absolutely not be Max's personal NGO."

Pressed on whether the plan was to bow out of the privacy world, he said: "It's retirement from the first line of defence, let's put it that way... I don't want to keep bringing cases for the rest of my life."

Tick follows tock, follows tick

Schrems' plan for passing the baton is to get people to take action, or "not just to talk about privacy, but to enforce it".

It also seems to be something of a challenge to the community that has watched his battles with Facebook from the sidelines over the years.

"I didn't want to really engage in Privacy Shield; I was hoping that someone else would do it," he said. "But that's what NOYB should do – the whole thing is intended to look for the best legal option to bring something down, to get something done."

Max Schrems launches privacy NGO, wins €60k within first 24 hours

READ MORE

Unlike other NGOs, NOYB will focus entirely on consumer law, with experts advising people and consumer rights groups on the best way to win their cases.

In particular, Schrems focuses on the time and costs involved in seeing cases through, especially when faced with megabucks companies that can afford to slow the process down.

"It is frustrating. It's possible for Facebook, simply because it has so much money, to delay procedures over and over again," said Schrems.

Part of the problem is simply having the staying power.

Take Schrems' original submissions against Facebook – the case that eventually led to the collapse of Safe Harbor.

It was filed in 2013 and took two years to get to the Court of Justice of the European Union – but when the decision was made, Schrems was straight back in court challenging Facebook again. Last October, the Irish High Court sent the issue back up to the CJEU and it could take another two years to be heard.

"That's the reason you have to have the capacity to just wait around," Schrems said.

But the wait is often worth it: Schrems reckons that, if you get to the CJEU, you've got a 90 per cent chance of winning.

"And if you do win something, like when Safe Harbor came down, people were thrilled. Because it took away that feeling that you can't do anything about it."

No money, no NOYB

Ideally, the NGO will be taking on new cases while it's doing the waiting around – and be able to back individuals' cases up financially, to reduce the risk attached to suing a corporate giant.

But in order to even get off the ground, the NOYB has to raise the funds, and Schrems has put a fat figure – and tight deadline – on it, calling for €250,000 by January 31.

At the time of launch, he said that it didn't make any sense to take on global companies without a good pot of cash. "We want to do this properly, or not at all!" he rallied.

Now, though, the organisation is cutting it close to the wire: although Schrems said pledges have increased by about €2,000 a day, the pot is still about €100,000 shy of the target with just under three weeks to go.

Schrems puts this down to two things: first, that NOYB is looking for an annual commitment from members. "Any lawyer that's going to work for us needs to know we'll be able to pay the bills next year," he reasons. Second, that privacy is a complex and somewhat esoteric topic.

"It's much harder to sell an abstract organisation than asking for money because we've filed a case against this company," he said.

And if it doesn't get there?

"Then it's simply not going to happen."

The whole idea of making this a crowdfunding project, Schrems explained, was to make it into a yes or no answer – to make sure he had tried everything, before perhaps stepping out of the privacy limelight.

"I think it's a very important thing; I think there should be an organisation like this, and it's still the way I'd like to finalise my engagement in the whole privacy debate," Schrems said.

"However, if there isn't an organisation, I'm going to go snowboarding and be happy about that too." ®

Sign up to our NewsletterGet IT in your inbox daily

16 Comments

More from The Register

Info Commish offers privacy addicts a 12-step GDPR programme

Get clean from your data sins

New strife for Strava: Location privacy feature can be made transparent

Circles within circles make it easy to find the midpoint

Canuck privacy commissioner to dig into Uber data breach

Formal investigation launched. Not the first, won't be the last

Facebook smartmobe app's pre-ticked privacy settings violate German data protection law

Court favours consumer group in long-running dispute

What is.GDPR? Survey suggests smaller firms living under rocks as EU privacy regs loom

While Facebook boasts tools to help users 'manage their data'

EU data protection groups: Fix Privacy Shield or face lawsuit

‘Significant concerns’ over transatlantic data flow deal

Max Schrems launches privacy NGO, wins €60k within first 24 hours

'None of Your Business' to help bring consumer cases to court

VTech hack fallout: What is a kid's privacy worth? About 22 cents – FTC

Toymaker coughs up $650k after three million youngsters have info swiped

You are the one per cent if you read Firefox's privacy spiels

So Mozilla's going to give them their very own Tab, perhaps ahead of opt-out slurping

Supremes asked to mull legality of Silicon Valley privacy 'slush funds'

Analysis When watchdogs don't watch