Max Schrems' "Europe versus Facebook" says the use of personal data by Facebook and other US internet firms breaches European privacy law. DW spoke to him about the PRISM data collection affair.
DW: You have been running your organization "Europe versus Facebook" for two years now. What complaints have you lodged against Facebook so far?
Max Schrems: In total we have made 22 complaints against Facebook for different breaches of European privacy laws. The main problem is that most American companies have the idea that they can ignore the laws in Europe and nothing [will happen.]
Facebook and other social networks, as well as other companies like Apple, are reported to have passed information on to the US National Security Agency as part of the PRISM surveillance program. What is your complaint there?
There are two different things that you have to separate. There is the idea of asking for information about a specific person, a Mr X, for example. In the EU as well as the US, that is perfectly okay. The big issue is the forwarding of bulk data belonging to masses of people. We have made complaints about five different companies who are forwarding European data. These are European subsidiaries, of Facebook for example, who hand the data on to a US subsidiary - and they hand it on to the NSA.
Under European law, the European subsidiaries are not allowed to hand over the data to foreign countries unless they can guarantee that the data is kept private there. This is something that they can't do, according to the reports that we have heard so far. The main aim for these complaints is that we have European authorities look at whether it is legal or illegal.
When we are online these days, it's becoming clear that many companies are out there gathering every bit of information about us. Is this what motivated you to start the "Europe versus Facebook" organization?
The biggest issue for me was the total ignorance of European fundamental rights by US companies. But you can't just point the finger at the US companies on this; the EU is also at fault. They do nothing to enforce the law. There are almost no penalties. In Austria, for instance, the maximum penalty is 20,000 euros ($26,000).
The European Commission has now proposed to change that, but there was major lobbying from US companies as well as the US government to prevent more serious data protection laws in Europe.
What was also very frightening was when I got my 1,200 pages of data stored by Facebook. There was a lot of information in there that I didn't personally enter onto the computer. A lot of people think that if you don't type in certain things online, it's not going to be there. But, what companies are doing increasingly is getting data about you from your friends. Or they try to aggregate data about your usage that you didn't actively put in. In my Facebook file there were about 300 pages of deleted messages. That's stuff that they shouldn't even have anymore. Lobbyists are trying to say that you can control and see how much data is online about you, but the reality looks very different. That's very frightening if you consider that the NSA can access the extra data that you didn't share at all.
Do you still use Facebook yourself?
I do. The thing is: We are not doing anything wrong here. It's the companies that are not playing by the rules and are misusing their position, especially Facebook, which basically has a monopoly on social networking. I don't think that in a democratic society the solution can be not to communicate with each other. We should be able to use these cool and empowering technologies without the need for constant worry - that should be the aim.
It's a bit childish probably, but my approach is: It's not me that is doing something wrong here - it's Facebook. I don't think the solution is to shut down and encrypt all our messages and try to lock ourselves up, instead of living freely.
For the Facebook users out there, what would your advice be? How can they protect their privacy better?
There's not a lot you can do on Facebook, aside from not posting stupid stuff. The one thing that will protect you a little bit is if you turn off all platform applications. That's the biggest loophole: Any of your friends can install an application that can access your data. You can only prevent that by completely turning off all platform applications; there is a setting for that on Facebook.
Other than that, it is up to the authorities that the Facebook system changes so that it is in line with European privacy laws. With every one of our complaints, we actually suggested how Facebook can be compliant with European privacy laws while still working in the way it does right now. There an individual user can't really do anything. You don't know what the servers somewhere in the US are doing, and you could hardly look into it and figure it all out.
So, let's say that things are being done illegally, and mass information is flowing to the US. Who is to blame for all this? Is it the US security structures stepping over the mark or is it the companies and social networks that are playing along too willingly?
It's both. But it's also the European Union, just watching and writing a few letters and not reacting beyond that. That is the biggest problem we have in Europe: We do have fundamental rights on paper, but we do little to enforce them. If I am a company and the US government is demanding I do something, and I know the Europeans won't react, I know what I would do.
We guarantee our citizens fundamental and constitutional rights but they are not really working in reality. You have to blame the Europeans the most. It's a question of democracy as well. Do we have the laws and enforce them or do we just have them on paper?
Max Schrems, a law student from Vienna, Austria, started the non-governmental organization "Europe versus Facebook" in 2011. The group has filed complaints against Facebook, Apple, Microsoft, Skype and Yahoo in Germany, Ireland and Luxembourg - where the European headquarters of the companies are located - related to alleged cooperation with the NSA.