Profile
NOYB
GDPR
Google
WhatsApp
Facebook
the General Data Protection Regulation
Big Tech
the European Consumer Organization
EU
Amazon
Netflix
Spotify
Airbnb
Yahoo
Twitter
Microsoft
Apple
the Irish Data Protection Commission
DPC
the Irish Council for Civil Liberties
The European Commission
the European Commission
Justice
the EU Ombudsman
Reynders
Access Now
procedure.”Despite
H&M
blacklist,’
the European Data Protection Supervisor
Europol
Fieldfisher
Google Analytics
Motherboard
companies’
CNIL
the Digital Services Act
the European Data Protection Board
Massé
Condé Nast
Affiliate Partnerships
Matt
Romain Robert
countries’
David Martin Ruiz
Facebook
PimEyes
Helen Dixon
Johnny Ryan
Didier Reynders
Estelle Massé
Wojciech Wiewiórowski
Hazel Grant
Ulrich Kelber
Tobias Judin
Alain Herrmann
Marie-Laure Denis
Viviane Redding
👁️
Europeans
Irish
Belgian
LaLiga
German
French
pandemicThese
️
Europe
California Privacy Rights.
Instagram
Brussels
Luxembourg
Netherlands
Sweden
Ireland
Poland
France
Germany
Norway
Italy
UK
Groupon
Slovenia
Spain
London
Austria
” Ireland’s
cooktopThousands
♀
Android
“There’s still what we call an enforcement gap and problems with cross-border enforcement and enforcement against the big players,” adds David Martin Ruiz, a senior legal officer at the European Consumer Organization, which filed a complaint about Google’s location tracking four years ago.Lawmakers in Brussels first proposed reforming Europe’s data rules back in January 2012 and passed the final law in 2016, giving companies and organizations two years to fall in line. (Ordering a company to stop processing people’s data is arguably more impactful than issuing fines.) It was never likely that GDPR fines and enforcement were going to flow quickly from regulators—in competition law, for instance, cases can take decades—but four years after GDPR started, the total number of major decisions against the world’s most powerful data companies remains agonizingly low.Under the dense series of rules that make up GDPR, complaints against a company that operates in multiple EU countries are usually funneled to the country where its main European headquarters are based. “We have launched six infringement procedures under the GDPR.” These legal cases include action against Slovenia for failing to import GDPR into its national law and questioning the independence of the Belgian data authority.However, following a complaint from Ryan in February, the EU Ombudsman, a watchdog for European institutions, opened an inquiry into how the Commission has been monitoring data protection in Ireland. “If you compare the awareness about cybersecurity, about data protection, about privacy, as it looked like 10 years ago and it looks today, these are completely different worlds,” says Wojciech Wiewiórowski, the European Data Protection Supervisor, who oversees GDPR cases against European institutions, such as Europol.Companies have been put off using people’s data in dubious ways, experts say, when they wouldn’t have thought twice about it pre-GDPR. Neither Google nor Facebook provided comment in time for publication.“There is a lag, especially on Big Tech, enforcing the law on Big Tech—and Big Tech means cross-border cases, and that means the one-stop-shop and the cooperation among the data protection authorities,” says Ulrich Kelber, the head of the German federal data protection regulator. “We do question whether, in those cases that have a European-wide impact, it makes sense and whether it is feasible that these cases are solely dealt with by one data protection authority until we reach the decision stage,” Judin says.Luxembourg’s data regulator hit Amazon with a record-breaking €746 million ($790.6 million) fine last year, its first case against the retailer. “It’s just the [one-stop-shop] system, the lack of resources, the lack of clear law and procedure, which makes their job even more difficult,” Robert says.The French data regulator has, in some ways, sidestepped the international GDPR process by directly pursuing companies’ use of cookies. “Because it’s a member state’s obligation to give sufficient resources to data protection authorities to carry out their duties.” The staff and resources regulators have to investigate and enforce is dwarfed by those of Big Tech.“Potentially, if there was the possibility for some kind of an instrument specific to the GDPR—being a legal instrument—that would specify certain process and procedural issues, that might assist,” Ireland’s Dixon says. “If we cannot deal with Big Tech, we will create a permanence to the fatalism that people feel about privacy and data.” Four years in, Massé says she still has hope for GDPR enforcement.
As said here by Wired