Facebook was Warned 2012: Max Schrems says he warned Facebook in 2012 about the security gaps that the British company Cambridge Analytica would later exploit.
The Austrian data protection activist Max Schrems says in an interview that he warned Facebook in 2012 about security gaps that would later be exploited by the British company Cambridge Analytica to obtain millions of profiles without consent.
Schrems, 30, has been involved in litigation with the social network for seven years on the application of European privacy standards, and in 2015 a lawsuit was filed against him by the European Union (EU) and US data exchange treaty, known as “Safe harbor” and which was in force for 15 years.
- “In 2011 I reported that there were applications that were not regulated and that appropriated user data without their approval,” explains Schrems on the content of his first lawsuit in Ireland, where Facebook is based in Europe.
- “In 2012 I discussed this situation for hours with representatives of Facebook and answered that everything was in order and for them, there were no problems,” he adds in an interview in Vienna.
- According to Schrems, the same vulnerability that allowed some applications to obtain user data without their consent is the one that was used in the case of the 50 million profiles stolen in the Cambridge Analytica scandal.
- That consultant studied the personality of the users to offer messages as they could alter the vote in the US elections of 2016 in favor of who finally won, Donald Trump.
- The activist criticizes the inaction of the Irish authorities and considers that if they had acted more forcefully at the time, this appropriation of data would not have been possible.
- “If the appropriate corrections had been made, it would not have happened, ” says Schrems, who criticizes the fact that national data protection authorities do not act more zealously towards technological giants in the application of European regulations.
Earlier this month the Irish justice asked the EU Court of Justice to rule on the validity of the current transfer of data from European Facebook users to the US, which could jeopardize the treaty known as “Privacy shield “, successor to the” Safe harbor “.
This request is based on a new claim by Schrems, who considers that there is a fundamental incompatibility between the EU and US regulations on data protection.
“In the United States, there are laws that protect mass surveillance and oblige companies to provide private data, while at the same time we have European regulations that strictly prohibit that, there is a basic conflict,” he explains.
The activist is still a Facebook user and considers that unsubscribing is not the solution.
“There are two arguments: if you do not like to leave, the other is: you can not do anything, it works like that, because I believe that neither one nor the other, what you should do is apply the law, ” he sums up.
The activist will soon launch his own NGO, called Noyb, acronyms of the expression in English “none of your business” (It’s none of your business), and has managed in a few months to collect more than 300,000 euros thanks to a campaign of crowdfunding
Although it recognizes that “there are great interests so that there is no international regulation” because the data is “the gold mine of large corporations”, it praises European regulations as the most advanced in the world in terms of protecting privacy.
- “The European model of data protection is already present in some 70 countries and is spreading, some Latin American countries already have it as their own, the US, for example, borders Canada and Mexico, two countries that have adopted it,” he says.
- In addition, it highlights that next May 25 will enter into force in the EU the new General Regulation of Data Protection (GDPR), which increases fines exponentially.
- In case a company violates the GDPR, it will face a fine of up to 20 million euros or even 4% of its annual worldwide turnover.
- For Schrems, this regulation will be a challenge for national data protection authorities, which should have more means and force them to act more expeditiously.
- “They should understand that they are like banking supervisors and that they must do something to enforce regulations,” he says.
- “Up to now, the big companies have found it cheaper not to comply with the rules because the fines were very small, in Austria the maximum was 20,000 euros,” he explains.
- Schrems says that his NGO will rely on the new regulation to act and that it already has a huge number of cases stacked in its office because “many companies act in an inherent way against European privacy regulations”.
- “Our policy, however, is to concentrate on those cases in which we detect an intentional and conscious violation of the regulations, ” he advances.