Why does privacy matter ?
Max Schrems: We are moving to a digital society, where it is possible to track every thought and even predict behavior that even the person itself is not aware of. As with other technologies, this allows great new opportunities, but also generates a lot of danger for our freedoms. Privacy protections are meant to limit the bad aspects of this development, so that we don’t have to worry too much – because in the end we all have some things that we deem private.
The Safe Harbour infringed on European citizens’ privacy. You challenged it. Its successor, the Privacy Shield, does not seem satisfying either. Is it just more of the same ? What improvements does it bring and what are the remaining pitfalls ?
Max Schrems: It is unfortunately mainly a copy/paste of the invalidated agreement, that was simply passed a second time under a new name. There are minor improvements, but the core issues of vastly lower protection that under EU law and continuing mass surveillance in the US has not changed at all.
European regulation is now supposed to be proposing « privacy by default ». Is it enough to restore a culture of privacy in Europe ? If not, under which conditions can the privacy of European citizens be protected ?
Max Schrems: The new GDPR could make a real difference for the parts of the IT industry that ignored EU privacy laws so far. The key change are the fines. Companies will have to pay up to € 20 Million or 4% of their worldwide revenue in fines. This will hopefully end total ignorance of EU law, which was so far basically not enforced.
Is the regulation of transatlantic data sharing doomed to fail ? Why is it such an issue ? Why, do you think, is there such a « digital divide between the EU and the US » ? And if so what are the causes/origins ? Is it a matter of culture, is it due to the existing legislation ?
Max Schrems: The US only protects “US persons” under its law. Everyone else is hardly protected. The EU follows a concept of human rights, that apply to every person and has strict privacy rules. Multinational companies that are subject to surveillance laws in the US, but also privacy protections in the EU and don’t separate their products accordingly are bound to violate one of the two systems.
Your quest and your fight have become quite popular now and many have rallied behind you. Who are your supporters (organisations, associations, individuals,..) ? (you may mention your future NGO if you think the timing is appropriate.)
Max Schrems: There is a lot of moral support. We also got about €70.000 in donations for the “Safe Harbor” case. However I think in the long run we need to move from individual activists, that do such things in their fee time to a more sustainable and professional setup. I am therefore currently working to establish a European privacy enforcement NGO, that takes care of such things and brings cases of itself. The key point here is still to get medium-term funding for this project.
Max Schrems will be speaking at FIC2017 to open the third plenary session, on Wednesday, 25th January at 9.00. Come and hear him there !
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime