Who is Max Schrems and why is he so important in the data protection world?
Maximilian Schrems is an Austrian lawyer, PhD in Law, who became famous for his campaign against Facebook for violation of the European privacy laws referring to transferring personal data to US National Security Agency as part of its PRISM program. In order for his case to become widely popular, he created a website – europe-v-facebook.org, where he published all updates regarding his campaign and the core of everything – all his personal data revived from Facebook.
As a law student in Vienna University, Max took a semester abroad in the Santa Clara University in California, where the privacy lawyer Ed Palmieri give a class on privacy matters. Surprised by the method taken in the USA, Max later made a request following the European right to access the data a company holds on for him. As a result, he received a 1 200 pages of information on himself that he published on his website (with personal information redacted of course).
This was not the end of the story, because in 2011 Max filed complaints against Facebook inc. in Ireland in the Irish Data Protection Commission. As a result, the European headquarters of Facebook was audited and had to disable its facial recognition software.
In 2014 one of the complaints went before the European Court of Justice (CJEU) and became more famous as the first Shrems case (“Shrems I”). “Schrems I” led the Court of Justice of the European Union on October 6, 2015, to invalidate the Safe Harbor* arrangement, which governed data transfers between the EU and the US. The European Commission found in the executive decision 2000/520/EC that the so-called EU-US Safe Harbor Principles would provide “adequate protection” under Article 25 of Directive 95/56/EC, when it comes to the transfer of personal information from the EU to the US. Schrems, therefore, argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.
After that case was remanded to the Irish data protection authority, the Commissioner filed a second suit (“Schrems II”) in the Irish High Court to determine whether the “standard contractual clauses” used by Facebook to authorize the transfer of personal data to the U.S. post-Safe Harbor provide adequate protection for E.U. citizens.
Max Schrems is an author of two data privacy-related books in German: Fight for your Data, 2014 and Private Video Surveillance law, 2011.
* Safe Harbour Decision determined that US companies complying with the principles were allowed to transfer data from the EU to the USA