cafébabel: Are you proud of Edward Snowden mentioning you in a tweet about the ECJ verdict?
Max Schrems: I found it cool. Generally that kind of thing isn’t important to me, but in this case I was really pleased.
cafébabel: You said that we users still lack a “digital gut feeling”. Could your lawsuit against Facebook’s invasion of privacy bring about a shift in awareness?
Max Schrems: I think that things have already changed. Especially since the whole Snowden case. Everyone has realised to some extent that things [like hidden surveillance and poor data protection] happen. However, it is still a vague feeling that is often hard to articulate precisely.
cafébabel: Until now, has Europe failed to provide a united digital strategy to prioritise data protection for its citizens?
Max Schrems: Each nation state is responsible for its own implementation of the rules in any case - responsibility is divided among the 28 member states. That has always been the case – there is no EU authority devoted specifically to privacy. The problem up to now has been that a lot of people in the old system simply didn’t do anything about it. The verdict could give us a bit more room for co-operation.
cafébabel: It’s strange – the defence by the Irish Data Protection Commission (DPC) before the ECJ was weak, and gave the impression that it wanted to get rid of the “safe harbour” anyway.
Max Schrems: Yes, it was a poor showing from the commission. I actually thought to myself – do they really want to defend their agreement here, or do they actually want it gone? Part of me was just surprised that they didn’t come with a better argument.
cafébabel: One of your main goals is to establish the fact that even large technology corporations must abide by the law. How do you intend to publicise this issue further?
Max Schrems: This isn’t my life’s ambition. I really do have other things to do. In fact these actions are also the responsibility of the authorities, not just individual citizens. Data protection is controlled by the state, but laws are not implemented properly. The problem is that the relevant authorities do nothing, like Luxembourg and Ireland, where - for tax reasons - most technology companies have their European headquarters.
“Basically you can break European law because nothing is ever going to happen” – this sentence was the last straw for Max Schrems, heard while he was studying in the US.
cafébabel: To what extent do ordinary citizens get involved with the issue of privacy?
Max Schrems: Everyone can do something – among 500 million Europeans, you’ll be able to find some people who want to get involved. I’m not the only person to have ever cared about data protection. For example, there are others who took care of data retention... and we mustn’t forget the guys who made a fuss about Google [the Federal Commissioner of Data Protection, Peter Schaar, European Committee of the Regions]. These things happen little by little. You could see it at the trial as well: it is simply a sign that people are doing something.
cafébabel: The site you co-founded, Europe vs. Facebook, has become an important mouthpiece in recent years for issues concerning data protection. Can you see yourself working for the EU in the future?
Max Schrems: In theory, yes, but there are no definite plans. What happens at the EU level is quite interesting. Basically, things are probably going OK. On the other hand, a lot of the procedures there are very long-winded. Then there’s the obscure lobbying system: the states get together in council, find something out and nobody knows where the decisions come from or why they are made. In that respect, the work is certainly frustrating. Also, it is still fascinating how one-sided lobbying is practised, simply because one side has more coal and more opportunities than the other.