Max Schrems, EU Privacy Lawyer Who Took on Meta Challenges Chinese Big Tech

Key Takeaways

• For the last decade, Max Schrems has pursued legal action against Big Tech firms that breach EU data law.
• These complaints have typically targeted Meta and other U.S. Big Tech firms.
• The latest GDPR complaints filed by NOYB turn their attention to Chinese companies.

The EU data protection campaign group founded by Max Schrems has filed a string of GDPR complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi.

The complaints mirror similar actions Schrems has taken against Meta and other American firms that have made him a persistent thorn in the side of Big Tech.

Max Schrems: Big Tech’s GDPR Antagonist

Austrian privacy activist and EU lawyer Max Schrems has spent the last decade holding tech giants accountable under the General Data Protection Regulation (GDPR).

His landmark legal battles, known as Schrems I and Schrems II, reshaped data transfer practices between Europe and the United States.

Schrems I had its roots in a complaint about Facebook data being transferred to the U.S. for processing.

In the wake of Edward Snowden’s revelations about the mass U.S. surveillance of digital communications, Schrems argued that the company’s transatlantic data flows failed to protect EU citizens from being snooped on, in violation of EU privacy law.

As a result of Schrems I, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor framework, which allowed U.S. companies to process EU citizens’ data.

The EU-U.S. Privacy Shield was created to replace the Safe Harbor framework and enable the continued transfer of user data from the EU to the U.S.

However, five years after Schrems struck down the original data-sharing agreement, Schrems brought a second GDPR complaint against Facebook which dealt a similar blow to the Privacy Shield.

From American to Chinese Big Tech

Since 2017, the campaign group Schrems founded, NOYB, has taken up the mantle of pursuing GDPR litigation

While NOYB has mostly focused on alleged GDPR violations committed by Meta and other U.S. companies, in its latest action, the group has taken aim at Chinese Big Tech for the first time.

In a statement , NOYB observed that data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data.

“Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government,” the statement emphasized.

“After issues around U.S. government access,” it added, “the rise of Chinese apps opens a new front for EU data protection law.”

Chinese Surveillance Concerns

As NOYB’s latest GDPR complaints highlight, the rising popularity of Chinese social media and commerce platforms creates new threats to online privacy.

Across Europe and America, concerns about ByteDance’s ties to Beijing have prompted lawmakers and regulators to crack down on TikTok, restricting its use on official devices and, in the most extreme case, potentially banning it from U.S. app stores.

Meanwhile, although it has received less international attention, Tencent’s WeChat has also been accused of monitoring users’ communications and sharing data with the Chinese government.

After years of negotiation, in 2023, the European Commission adopted a third transatlantic data-sharing framework to replace the one that was invalidated by Schrems II.

To get the transatlantic privacy framework over the line, the U.S. agreed to a set of binding safeguards designed to intelligence agencies’ access to EU data. However, the chances of the EU reaching a similar agreement with Beijing are slim.

If anything, diplomatic relations with China are deteriorating as the EU enters a new period of heightened geopolitical tensions with the country.