Max Schrems takes on tech Goliaths in crucial test of GDPR

EU regulation places even more frontline responsibility on watchdog Helen Dixon

Austrian lawyer and privacy activist Max Schrems who has filed four complaints using  GDPR to challenge Facebook and Google  data collection policies and their take-it-or-leave-it approach to consent. Photograph: Heinz-Peter Bader/Reuters

Austrian lawyer and privacy activist Max Schrems who has filed four complaints using GDPR to challenge Facebook and Google data collection policies and their take-it-or-leave-it approach to consent. Photograph: Heinz-Peter Bader/Reuters

 

While the rest of us slept on Friday morning Max Schrems – the Austrian privacy campaigner, Facebook tormentor and Irish court loyalty cardholder – threw a wrench into the gears of the US social network and its arch rival, Google.

Taking on two tech Goliaths at once, Schrems’s weapon of choice is Europe’s new data protection regulation (GDPR). His target: their “free” business model where we allow them collect and sell our data – very profitably – in exchange for using their services without charge.

The four complaints filed on Friday use GDPR to challenge these data collection policies and their take-it-or-leave-it approach to consent. Users of Facebook, Instagram, WhatsApp or Google services have no choice, the complaints argue, but to opt-in to all of their data collection policies. However, it is not clear, his complaint argues, what they are collecting, why and whether it is strictly necessary to provide the service.

With GDPR live since Friday, the EU takes a narrow view of data collection: only as much as is needed to provide the service should be collected. Bundling necessary data collection with profitable extra data collection is illegal.

This is a crucial legal test of many new principles of GDPR – including informed consent, and proportionate data collection – and of the State’s role as a big tech hub.

GDPR hands the Republic’s Data Protection Commissioner Helen Dixon even more frontline responsibility to police all tech companies based in Ireland, but Schrems has ensured she will have to liaise closely with EU regulator colleagues on these new complaints.

Dixon has said she is looking forward to new GDPR powers and has called for additional resources commensurate with the regulator’s new additional responsibilities since today.

The Schrems complaints – likely to play out again in the High Court – suggest she’ll need every euro she can get.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.