Max Schrems: The privacy bubble needs to start 'getting sh*t done'

Austrian activist on funding his privacy NGO and retiring from the front line

By Rebecca Hill


Interview "The problem we have in the privacy bubble is that we're great at saying how evil and bad everything is... but we're not that great at getting shit done."

Max Schrems, the privacy activist known for reducing the Safe Harbor data-sharing deal to tatters, is making one final attempt to spur the community he's been at the heart of for almost a decade into action.

After years locked in numerous long, drawn-out and often bitter legal battles, Schrems decided to launch a nonprofit aiming to help people bring their own consumer privacy cases to court.

I don't want to keep bringing cases for the rest of my life

The plan is for NOYB (None Of Your Business) to take advantage of the incoming European Union General Data Protection Regulation, which offers more options for collective redress across the bloc, and harness the momentum Schrems has built up with various high-profile court cases.

"We've got the rights on paper... now we need to collectively enforce them. As an individual consumer, you usually can't sue a company – that's what's missing here," he told The Register.

Schrems describes this as a "rare window of opportunity" – but it's also clear the Austrian lawyer is tiring of being, as he puts it, "that Facebook guy".

"I'm 30 now, and so the idea was to build something that's more stable, more sustainable, and isn't dependent on an individual," he said.

"I know I'm going to be deeply engaged, especially at the beginning, but in the long run it should absolutely not be Max's personal NGO."

Pressed on whether the plan was to bow out of the privacy world, he said: "It's retirement from the first line of defence, let's put it that way... I don't want to keep bringing cases for the rest of my life."

Tick follows tock, follows tick

Schrems' plan for passing the baton is to get people to take action, or "not just to talk about privacy, but to enforce it".

It also seems to be something of a challenge to the community that has watched his battles with Facebook from the sidelines over the years.

"I didn't want to really engage in Privacy Shield; I was hoping that someone else would do it," he said. "But that's what NOYB should do – the whole thing is intended to look for the best legal option to bring something down, to get something done."

Max Schrems launches privacy NGO, wins €60k within first 24 hours


Unlike other NGOs, NOYB will focus entirely on consumer law, with experts advising people and consumer rights groups on the best way to win their cases.

In particular, Schrems focuses on the time and costs involved in seeing cases through, especially when faced with megabucks companies that can afford to slow the process down.

"It is frustrating. It's possible for Facebook, simply because it has so much money, to delay procedures over and over again," said Schrems.

Part of the problem is simply having the staying power.

Take Schrems' original submissions against Facebook – the case that eventually led to the collapse of Safe Harbor.

It was filed in 2013 and took two years to get to the Court of Justice of the European Union – but when the decision was made, Schrems was straight back in court challenging Facebook again. Last October, the Irish High Court sent the issue back up to the CJEU and it could take another two years to be heard.

"That's the reason you have to have the capacity to just wait around," Schrems said.

But the wait is often worth it: Schrems reckons that, if you get to the CJEU, you've got a 90 per cent chance of winning.

"And if you do win something, like when Safe Harbor came down, people were thrilled. Because it took away that feeling that you can't do anything about it."

No money, no NOYB

Ideally, the NGO will be taking on new cases while it's doing the waiting around – and be able to back individuals' cases up financially, to reduce the risk attached to suing a corporate giant.

But in order to even get off the ground, the NOYB has to raise the funds, and Schrems has put a fat figure – and tight deadline – on it, calling for €250,000 by January 31.

At the time of launch, he said that it didn't make any sense to take on global companies without a good pot of cash. "We want to do this properly, or not at all!" he rallied.

Now, though, the organisation is cutting it close to the wire: although Schrems said pledges have increased by about €2,000 a day, the pot is still about €100,000 shy of the target with just under three weeks to go.

Schrems puts this down to two things: first, that NOYB is looking for an annual commitment from members. "Any lawyer that's going to work for us needs to know we'll be able to pay the bills next year," he reasons. Second, that privacy is a complex and somewhat esoteric topic.

"It's much harder to sell an abstract organisation than asking for money because we've filed a case against this company," he said.

And if it doesn't get there?

"Then it's simply not going to happen."

The whole idea of making this a crowdfunding project, Schrems explained, was to make it into a yes or no answer – to make sure he had tried everything, before perhaps stepping out of the privacy limelight.

"I think it's a very important thing; I think there should be an organisation like this, and it's still the way I'd like to finalise my engagement in the whole privacy debate," Schrems said.

"However, if there isn't an organisation, I'm going to go snowboarding and be happy about that too." ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Apple to require privacy policy on all apps

October iOS change reflects broader societal shift

MyHealth Record privacy legislation published

That's if there's still a government to pass the amendments

MOS-SAD: Israeli govt weighs in on Facebook privacy, promises action

Israel Cyber Week Spymaster whines about smartphone privacy

Ding ding! Round Two: Second annual review for transatlantic data flow deal Privacy Shield

Talks to cover oversight, enforcement, US surveillance

United States, you have 2 months to sort Privacy Shield ... or data deal is for the bin – Eurocrats

MEPs call for urgent fix

Probe Brit police phone-peeking plans, privacy peeps plead

Investigatory Powers Commissioner urged to act on mobile data extraction tech

Doc 'Cluetrain' Searls' privacy engine project is just the ticket for IEEE

Book coauthor's machine-readable policy effort has left the station

Info Commish offers privacy addicts a 12-step GDPR programme

Get clean from your data sins

Facebook privacy audit by auditors finds everything is awesome!

FTC's heavily redacted report says everything's hunky dory asks biz for ideas on how to 'overcome' data privacy concerns in NHS

£9m up for grabs in latest digital health tech funding call