1. Maximilian Schrems was born on 1987 and is an Austrian activist, lawyer, and author who became known for campaigns against Facebook for its privacy violations, including violations of European privacy laws and the alleged transfer of personal data to the US National Security Agency as part of the NSA's PRISM program.
Max Schrems later made a request under the European Right of access to personal data provision for the company's records on him and received a CD containing over 1,200 pages of data, which he published at europe-v-facebook.
Max Schrems filed a first round of complaints against the company with the Irish Data Protection Commissioner in 2011.
In 2014 Max Schrems took back the complaints, claiming that he never received a fair procedure before the Irish Data Protection Commissioner.
Max Schrems has never received a formal decision by the DPC and was denied access to all submissions by Facebook and the files of the case.
In 2013 Max Schrems filed a complaint against Facebook Ireland Ltd with the Irish Data Protection Commissioner, Ireland being the country where Facebook has its European Headquarters.
Max Schrems based his complaint on EU data protection law, which does not allow data transfers to non-EU countries unless a company can guarantee "adequate protection".
Max Schrems filed an application for judicial review in the Irish High Court over the inaction by the Irish DPC, which was granted.
Max Schrems said that Irish law relating to privacy had effectively been pre-empted by European law and that the core issue was whether the relevant directives should be re-evaluated in the light of the subsequent entry into force of Article 8 of the Charter of Fundamental Rights of the European Union.
In essence Max Schrems therefore argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.
Max Schrems said the European Commission was unable to guarantee that "adequate" safeguards for the protection of data are met, a remark that Schrems said was the most striking thing he heard at the hearing.
Max Schrems held the view that the Safe Harbor agreement was invalid and said that individual data protection authorities could suspend data transfers to third countries if they violated EU rights.
On 2 December 2015, Max Schrems resubmitted his original complaint against Facebook with the Irish Data Protection Commissioner.
Max Schrems sent similar complaints to the Hamburg and Belgian Data Protection Authorities, which both claim jurisdiction over Facebook.
Max Schrems argues that these agreements incorporate exceptions for cases of illegal mass surveillance, and thus that the CJEU ruling applies to these agreements as well.
The Irish Data Protection Commissioner took the view that Max Schrems had raised "well-founded" objections, but that it needs further guidance from the CJEU to determine the complaint.
On 1 August 2014 Max Schrems filed a lawsuit against Facebook at the local Viennese courts.
Max Schrems enabled other Facebook users to join his case, generating a "class action" style suit, dubbed by the press as a David and Goliath suit, estimated as likely to be the largest class action privacy suit ever brought in Europe.
The Court's decision hinged on whether Max Schrems was merely a consumer of Facebook, since it was on that basis that Max Schrems was able to pursue a case in an Austrian civil court in his place of residence.
Facebook accused Max Schrems in having a commercial interest in his numerous legal actions against Facebook.
In October 2015, the Higher Regional Court of Vienna reversed the regional court ruling, finding that Max Schrems is a consumer and that he does not act in any commercial interest.
The Higher Regional Court ruled that Max Schrems can bring his own claims against Facebook Ireland in Vienna, which constituted 20 of the 22 claims in the lawsuit, but is unable to form a class action for procedural reasons.
Shortly after its coming into effect on 25 May 2018, Max Schrems filed suit under the newly promulgated General Data Protection Regulation in Ireland against Google and Facebook for coercing their users into accepting their data collection policies.
On 18 January 2019, Max Schrems filed further GDPR complaints against Amazon, Apple Music, DAZN, Filmmit, Netflix, SoundCloud, Spotify, and YouTube.