(Bloomberg) -- As Facebook Inc.’s feud with privacy campaigner Max Schrems simmers on, another Austrian is set to emerge as the European Union’s most powerful data-protection official, heading a panel of regulators with unprecedented powers to fine big businesses billions of euros.
Andrea Jelinek, 57, is the new chair of the group of 28 EU privacy authorities, which from May 25 will be able to wield penalties as high as 4 percent of global annual sales for serious violations when new rules kick in.
Jelinek, who’s headed the Austrian privacy watchdog in Vienna since 2014, warned that companies falling foul of the tough new EU legislation can’t expect any leniency.
“It’s hard for everybody, for the companies and for the regulators, for all of us it’s a new situation,” Jelinek said in an interview. But having had more than two years to prepare, there is no doubt that come the deadline, “we all have to be ready.”
Her work so far has been low key in comparison with compatriot Schrems, 30, who’s made a name for himself globally for his David versus Goliath fight against Facebook’s handling of personal data.
Schrems won a landmark EU court ruling in 2015 that struck down a key trans-Atlantic data-sharing pact amid concerns that U.S. security services could gain unfettered access to the Facebook’s customer information sent to the U.S. The law-school graduate even managed to get a second case referred to the EU’s top court, also concerning the protection of Facebook data.
But Jelinek could be about to make her mark as revelations that the data of millions of Facebook users ended up in the hands of a consulting firm that worked on Donald Trump’s U.S. presidential campaign shook the privacy world like never before.
The U.K.’s privacy regulator, Elizabeth Denham, who is leading the European investigations into the scandal, called it a game changer. Jelinek backed Denham’s assessment, saying it has raised an unprecedented level of awareness in people around the world about the safety of their personal data.
She points to the irony of comments by Facebook’s founder Mark Zuckerberg that he “doesn’t want everybody to know in which hotel he slept in Washington,” while there for two days of hearings last week.
“It’s really interesting that the one who is running that kind of business model doesn’t want everybody to know anything about him,” she said.
Facebook would dodge the tough new EU privacy sanctions if any violations in the Cambridge Analytica case are proven because the rules don’t apply retroactively.
But the Facebook scandal means that “people really got aware that privacy isn’t just any topic, it’s something that really affects them, because their own data is being used,” said Jelinek, who took on her European role in February.
As a company “you have to take into account your responsibility regarding the data of your clients and be transparent, with or without scandals,” said Jelinek. “And if there is no compliance, we will have to use the new powers” regulators will get from next month.
Zuckerberg last week spent about 10 hours in front of Congress answering questions about how Facebook handles content and users’ privacy, resulting in calls by some lawmakers for new regulation of social media.
Zuckerberg has been called to appear in the European Parliament to explain how Facebook data of as many as 2.7 million Europeans could have been passed to Cambridge Analytica. Facebook has said he will not appear. He is set to meet this week with European Commission Vice-President Andrus Ansip, who is on a visit to San Francisco starting Tuesday.
©2018 Bloomberg L.P.