Yet that's exactly what Max Schrems achieved on Tuesday when the European Union's top court ruled in his favour, declaring that a key transatlantic data deal relied on by giant corporations such as Facebook was invalid in the light of widespread spying revealed by the Edward Snowden scandal.
The verdict strikes down the so-called Safe Harbour pact signed between the European Commission and the United States in 1998, allowing American companies to transfer data from the EU to the US as long as they ensured adequate levels of protection.
But for Schrems, who turns 28 this month, the agreement failed to live up to its promise in the wake of details leaked by former US National Security Agency (NSA) contractor Snowden.
According to the American whistleblower, the NSA had access to users' data on Facebook and other US tech companies. Although the firms have denied the allegations, the scandal has nevertheless opened a can of worms and helped pave the way for Schrems' legal victory.
“Yay!” he declared in a jubilant tweet just minutes after the European Court of Justice announced its decision.
In a later statement, the outspoken activist described the ruling as a potential “milestone” for online privacy.
“This judgement draws a clear line. It clarifies that mass surveillance violates our fundamental rights…(It) makes it clear that US businesses cannot simply aid US espionage efforts in violation of European fundamental rights,” he noted.
'Wild West' laws
In the lead-up to the verdict, Schrems looked relaxed, flashing his trademark grin as he leaned against a row of seats inside the court room, hands in his jeans pockets.
The PhD student from Vienna has grown accustomed to journalists' questions since he began his fight against Facebook four years ago, after spending a semester at Santa Clara University in Silicon Valley.
Schrems said he had been startled by American companies' lax attitude towards European privacy laws.
“The general approach in Silicon Valley is that you can do anything you want in Europe” without facing major consequences, Schrems told AFP in an earlier interview.
“We have privacy laws here in Europe but we are not enforcing (them). The core issue is: do online companies have to stick to the rules or do they live somewhere in the Wild West where they can do whatever they want to do?”
Following his return to Austria, he requested Facebook provide him with a record of the personal data it held on him.
Schrems was shocked when he received no less than 1,222 pages of information.
These included photos, messages and postings on his Facebook page dating back years — some of which he thought he had deleted — the times he had clicked “like” on an item, and “pokes” of fellow users.
“When you delete something from Facebook, all you are doing is hiding it from yourself,” he said.
Battle goes on
Believing that Facebook was contravening EU law, he filed 22 complaints with Ireland's Data Protection Commissioner (DPC) in Dublin, where Facebook has its European headquarters.
When the DPC rejected the case on the basis of the Safe Harbour agreement, Schrems remained undeterred and took his cause all the way to the European Court of Justice.
Despite Tuesday's win, the David-versus-Goliath battle is far from over for the Austrian who is also trying to launch a class action in Austria against Facebook for alleged privacy breaches.
He is currently appealing a decision by a Viennese judge to reject the suit in July on the basis that the court lacked jurisdiction to decide the matter.
Some 25,000 people from around the world have signed up to the action, with each plaintiff claiming a symbolic sum of €500 ($540) in damages.
Facebook, which denies the alleged breaches, has accused Schrems of launching the lawsuit for financial reasons rather than for his rights as a consumer — a claim laughed off by the activist's lawyer, Wolfram Proksch: “He lives for, but not off the case.”