There are serious problems with the implementation of the General Data Protection Regulation (GDPR). This is the key finding of the second official evaluation report published by the European Union Commission on Thursday. It calls for clear guidelines to strengthen data protection in all member countries.
Advertisement
The Commission considers more effective cooperation between supervisory and regulatory authorities at national and EU level to be essential to ensure an even and consistent application of the GDPR and other digital EU rules, such as the Digital Services Act (DSA) and the new AI regulation. Guarantee.
“The Cornerstone of Digital Transformation”
“The GDPR is one of the cornerstones of the EU’s approach to the digital transformation,” the Commission stressed. On 31 pages. Fair, secure and transparent processing of personal data and the guarantee that the individual remains in control “form the basis for all EU programmes that process personal data”.
After six years, there is a “broad consensus” that the GDPR has brought important results “despite some challenges”. This is in principle consistent with the findings of the first report of 2020. “At the same time, further progress should be made in a number of areas,” the Commission calls for.
In the coming years, the focus should be on supporting the efforts of small and medium-sized enterprises (SMEs) as well as scientists and research organisations to comply with the GDPR. The provision of clearer and more practical guidelines by data protection authorities and a “more uniform interpretation and enforcement” of the regulation across the EU are therefore essential.
100,000 complaints per year
According to the report, responsible inspectors receive a total of more than 100,000 complaints per year. The average processing time is between one and twelve months. In 2022, data protection authorities in Germany issued the most decisions with approved measures (3261), followed by Spain (774) and Lithuania (308). The total amount of the 6,680 fines imposed amounted to approximately 4.2 billion euros.
To fully achieve the goals of the GDPR, the Commission primarily needs its “stronger enforcement”. First of all, member states and the newly elected EU Parliament should quickly adopt last year’s draft law, which aims to improve cooperation between national supervisory authorities in cross-border cases and, above all, solve the “Ireland problem”. The Irish Data Protection Authority, which is responsible for almost all big tech companies, has long been considered an obstacle to GDPR enforcement.
No GDPR amendments visible
The Commission calls on the European Data Protection Board (EDPB) to establish regular cooperation with other regulatory authorities. The body should also introduce more efficient and targeted working arrangements for decisions and prioritise key issues such as anonymity and pseudonymity “in order to reduce the burden on data protection authorities and to be able to react more quickly to market developments”.
“The complaints we have filed against Google will take more than 5 years to resolve.” EU consumer protection association Beuc comments on the report. “That’s why we need faster and more effective processes.”
In February, the Federal Council called for a comprehensive GDPR reform because providers like Microsoft should be held accountable for compliance in the future. “There is no interest in completely changing the law,” says Isabel Roccia of the International Association of Privacy Professionals (IAPP). More guidelines and smaller GDPR reforms are the obvious options.
(vbr)
