Max Schrems: “The GDPR has an influence because it is and will continue to be the global standard”

Austrian activist Max Schrems, who has been fighting for fifteen years for the protection of personal data and against large digital companies, is one of the key players in the events that led to the inflicting on Meta (Facebook, Instagram, etc.), Monday May 22, the heaviest ever imposed under the General Data Protection Regulation (GDPR): 1.2 billion euros, for having transferred data from European citizens to American soil .

Present in Paris for the forty-five years of the National Commission for Computing and Liberties (CNIL), Max Schrems answered questions from the World and recalled the still strong criticisms addressed to this text, the fifth anniversary of which this Thursday marks. Today at the head of the NGO None of your Business (NOYB), he deplores the weaknesses in the application of the main principles voted by European legislators.

Read also: Meta fined record €1.2 billion by Irish personal data regulator

The GDPR is celebrating its fifth anniversary today, but for your part, you have been fighting a legal battle for the protection of personal data for almost fifteen years. What has fundamentally changed since then?

We have evolved towards a better general understanding of the right to privacy and its importance. Fifteen years ago those who spoke of “privacy” were seen as weird people in a basement, and that fundamentally changed. Today, what has yet to become a reality is enforcement. The great promise of the GDPR was that all of these great principles that we actually had since the 1990s were finally going to be enforced, whether through fines and so on. This idea had strong political support in Brussels.

Finally, today at NOYB more than 85% of our files are currently not yet processed by the national data protection authorities. It takes us on average two to three years to get a decision. In Austria, for example, they officially have to make a decision in six months: in reality it’s more like a year and a half or even two years, and then you have to go to court. Again, it’s the same thing: most judges see the letters “GDPR” on the file and look for a way to avoid having to deal with it.

Read also: Article reserved for our subscribers GDPR: what results in terms of sanctions, five years after the entry into force of the regulation?

The Irish Data Protection Authority (DPC), leader of the European CNIL, is regularly at the center of criticism regarding the GDPR and its application. For what ?

Ireland has a history of laxity that goes beyond GDPR. It’s all one business model in Ireland, as part of the European Union, to pass the laws on paper, but not really to enforce them. In the realm of privacy, this quickly became evident.

You have 51.12% of this article left to read. The following is for subscribers only.