<https://www.politico.eu/article/we-have-a-huge-problem-european-regulator-despairs-over-lack-of-enforcement/>
More than 18 months after the European Union began implementing the
world’s toughest privacy law, the bloc's ability to rein in Big Tech is
increasingly in doubt amid growing frustration over a lack of
enforcement actions and weak cooperation on investigations.
Passed in May 2018, the General Data Protection Regulation (GDPR) was
largely viewed as a model for the United States and other nations
struggling to find effective limits on data collection by technology
companies.
There was little doubt that, given the breadth of the law and the many
suspected violations by global tech firms, there would soon be heavy
fines or, at least, sanctions that would force Big Tech to change its
operating methods.
But that promise has not been fulfilled. Aside from a €50 million fine
<https://www.politico.eu/article/france-hits-google-with-e50-million-fine-for-gdpr-violation/>
that France's privacy regulator imposed on Google in January, there have
been no fines or remedies levied at a U.S. giant since the GDPR came
into effect. And the two nations most directly responsible for policing
the tech sector — Ireland and Luxembourg, where the largest tech firms
have their European headquarters — have yet to wrap up a single
investigation of any magnitude concerning a U.S. firm.
Now the Irish regulator which oversees Google, Facebook, Microsoft and
Twitter, among other giants, says that its first decision will not be
delivered until early next year, adding to previous delays.
Probes take time because Europe's law is untested and cases need to
stand up to the scrutiny of all 28 EU nations, as well as in
national court.
Ireland and Luxembourg have faced special scrutiny because so many U.S.
tech companies have set up shop in those tiny nations, which have
actively courted them thanks to a mix of low corporate tax rates and
business-friendly regulation. Those close relationships have created a
strong degree of economic dependency, particularly in the Irish case
<https://www.politico.eu/interactive/ireland-blocks-the-world-on-data-privacy/>,
which raises questions as to whether these countries are best suited to
regulating Big Tech.
Now, regulators in other countries are speaking out about their doubts.
Hamburg's data protection authority says that the current
“one-stop-shop” system, in which many major investigations are carried
out by authorities in Dublin or Luxembourg, creates serious bottlenecks
and an "unsatisfactory" situation for millions of web users.
"After nearly one and a half year we must concede that we have a huge
problem with the enforcement of cross border processing especially by
globally acting companies," a spokesperson for the authority, one of 16
in Germany, told POLITICO, referring to cases that concern web users in
more than one country. “It is absolutely unsatisfactory to see that the
biggest alleged data protection violations of the last 15 months with
millions of individuals [concerned] are far away from being sanctioned."
Luxembourg’s regulator declined numerous requests for comment. Irish
privacy chief Helen Dixon insisted in an interview that the delays have
to do with the complexity of enforcing a new law.
[...]
_______________________________________________
nexa mailing list
[email protected]
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
