Schrems says ‘insanely high’ Irish legal fees threaten cases against online firms

Austrian campaigner says firms can ‘bankrupt’ data regulator through appeals

Ireland's "insanely high" legal fees could threaten court actions against large online companies that can continue to appeal decisions, Austrian data privacy campaigner Max Schrems has said.

Speaking in Dublin on Wednesday, Mr Schrems noted the Office of the Data Protection Commissioner (DPC) had run up a bill of €2 million in pursuing his case against Facebook.

“So if one case...costs basically a third of your budget, or half of your budget or whatever it is, how many cases can you actually bring as an Irish regulator just without going bankrupt?”

The action taken by the DPC involving Mr Schrems’s concerns about how Facebook handles his data has been referred to the European Court of Justice.

Mr Schrems has made his name fighting this case, and was referred to as a "titan of civil liberties" in an interview at the Ireland's Edge "A Coded Culture" event in Trinity College Dublin.

Despite being "reasonably happy" at the recent introduction of the General Data Protection Regulation (GDPR) last month, he said the issue of legal expenses in Ireland continued to raise questions over tackling data issues.

He told the audience that "legal fees in Ireland are just insanely high", whereas in Austria a court case could cost between €2,000 and €3,000. "That is going to be in the long run a problem because as a [responding] company that has a budget, you're just going to appeal, appeal, appeal any decision from the [data protection authority] and thereby run them out of money."

‘Delay you forever’

“If you have players like that who have so much money to just throw at you to just delay you forever it is going to be very hard for a regulator. They have to have a lot of energy and will to go forward to do these cases.”

Mr Schrems said lawyers had also told him that companies can be unwilling to appeal DPA decisions due to the legal cost.

His None of Your Business organisation has recently brought four privacy lawsuits under GDPR – against Google, and Facebook and its subsidiaries WhatApp and Instagram – seeking a total of €7.6 billion in damages.

Asked about Edward Snowden's revelations of data misuse by the US's National Security Agency, Mr Schrems said he was "actually surprised that that was happening to that extent".

“I called the Snowden disclosures at the time, the Chernobyl of data protection – that one time everything blew up and no one could really ignore it anymore.”