As Europe’s General Data Protection Regulation (GDPR) enters its second year, privacy advocates say they are concerned that it has fallen short of the European Commission’s commitments,media reported. With the investigation moving too slowly under the supervision of an underfunded Irish institution, some have begun to question the flaws in this approach.
The EU’s GDP R came into force two years ago in the hope of overhauling the way companies process customer data.
The idea behind this far-reaching rule is that businesses are responsible for violating user privacy, failing to protect users’ personal data, or misusing users’ personal data in any way. If not, the target company could be fined up to 20 million euros.
Not everyone is happy with how things are going. Industry watchers and privacy activists such as Max Schrems worry that investigations into big companies such as Facebook and Google have been slow, inefficient and some Kafkaesque, so they have little effect.
In an open letter to the European Commission, Schrmes noted that companies such as Facebook and its subsidiaries, WhatsApp and Instagram, relied on “bypassing consent” from the way users’ personal data was disenated, which led to unprocessed complaints.
Schrmes is also disappointed that Ireland’s privacy regulator has been complacent after taking a small step. In its view, the department’s “results” seem to require a lengthy legal battle and that companies found to have violated GDPR rules have been fined almost none.