Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Development
    • IT Management

    How EU Authorities See GDPR Effectiveness Two Years In

    Written by

    Nathan Eddy
    Published June 17, 2020
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      BERLIN—The European Union’s flagship data protection law, the General Data Protection Regulation (GDPR), has been in effect for two years as of May 25 and has led to an improved awareness of privacy rights—and not just within the continent, but globally.

      However, there are concerns that, while the framework of the regulation is solid, the EU and the European Commission is not doing enough to ensure that budgets and resources for Data Protection Authorities (DPAs) are sufficient to handle an increasing number of complaints and data privacy violations. 

      Furthermore, introduction of the GDPR has created a major degree of uncertainty, because data processing activities taking part in the course of daily business activities were all of a sudden being called into question in terms of their legality.

      This has led, in part, to “abstruse constellations,” according to Johanna Soetbeer, a lawyer and data protection consultant with German data protection and IT security specialist Intersoft Consulting. 

      GDPR: Better Privacy Management Overall, but Enforcement Lacking

      “Aside from the initial confusion, however, after two years of GDPR, the improved awareness regarding privacy, whether out of conviction or for fear of the significantly increased fines, has led to a better privacy management in many companies,” Soetbeer explained.

      She noted that since the introduction of the GDPR, companies are often more willing to put effort and resources into developing comprehensive data-protection strategies in order to ensure compliance with the GDPR.

      Intersoft’s Shobha Fitzke explained that in Germany, for example, companies have sought compliance with the requirements of the GDPR by implementing data-protection management systems and the recording of processing activities, called data mapping. 

      “On the other hand, the new documentation requirements require a lot of internal—and sometimes external—effort, and some companies complain that the GDPR merely generates more paper documents with no real purpose,” Fitzke pointed out. “Smaller companies in particular struggle with implementing all of the requirements.”

      For Brussels-based Estelle Massé, senior policy analyst and global data protection lead for international non-profit organization Access Now, the two-year anniversary of GDPR brings up “bittersweet” feelings. 

      “We remain convinced the framework can bring a lot of benefits to people, and there are clear mechanisms, and there is clear potential, because it is changing the way entities view data protection,” Massé said.

      Some EU States Lack Enforcement Resources

      However, the company’s recently published GDPR implementation progress report raises concerns that while the language of the regulation is robust, state-based DPAs still lack sufficient resources to enforce it. 

      “We put a lot of energy into adopting sound legislation, but then the same amount of resources are not put into enforcement, and it is frustrating both for people who have worked to push the legislation through and for those who have been promised those rights,” Massé said.

      She pointed to numerous flaws, which include a growing backlog of complaint cases that need to be resolved, political pressure within certain EU member states to relax enforcement to protect jobs created by large tech companies and the outright misuse of the law to curtail press freedoms. 

      Massé highlighted cases in Romania, Poland, Slovakia and Hungary, where courts and authorities have been abusing the GDPR to curtail investigative journalism or target civic tech NGOs by trying to force outlets to reveal their sources. 

      “There is very specific language in the GDPR that mentions the regulation always needs to take human rights and freedom of expression rights into account,” Massé said. “There might need to be clarification, but if you look at the language, it clearly does not authorize the issues that have happened. We feel people are testing the boundaries of the law.” 

      Call for More Human and Financial Help

      Massé called for governments across the EU to increase the financial and human resources allocated to DPAs, including technical staff, so that they can function properly and be able to address the large number of complaints. 

      Massé said the report found that out of 30 DPAs from all 27 EU countries, the United Kingdom, Norway and Iceland, only nine said they were happy with their level of resourcing.

      She said in order to send a unified message to global corporations, as well as to ensure the full independence of individual member DPAs, funding should come down from the EU. 

      “It’s EU legislation, and we cannot create holes in states where these tech companies can go shopping for a country that will be less strict with the way the law is applied,” Massé said. “Part of the EC should be dedicated to ensure these DPAs can act independently to enforce GDPR laws.” 

      Fitzke also pointed out that while the European Data Protection Board (EDPB) provides helpful guidelines and opinions on the consistent interpretation of GDPR provisions, there still seem to be some discrepancies among the member states on how to fulfill provisions of the GDPR accordingly.

      “It still seems difficult to bring about real changes with regard to data processing activities by the big tech companies, due to their monopoly of the market and the various ramifications,” Fitzke said. “There is still considerable room for further improvement and harmonization.”

      How the ePrivacy Directive Fits In

      Soetbeer explained that it is also necessary to link the GDPR to the ePrivacy Directive, which is focused on protecting privacy and security of personal data in electronic communications.

      She said in the future, data transfers outside EU/EEA would definitely be an issue of growing importance, because standard contractual clauses and privacy shield certification have been challenged “quite a lot” in the past.

      “We also see that privacy by design and privacy by default settings are an issue for a lot of companies, especially for software developers, and authorities might come up with guidelines here,” she said.

      The same applies for social media, online marketing (for example, cookies) as well as big data.

      “Authorities have a focus on companies like Facebook and how they handle personal data, and we believe that there will be stricter requirements and sanctions in the future,” Soetbeer said. “As online marketing, targeting, online behavioral advertising and cookies become more and more relevant in daily online life, the laws and regulations in this regard need to evolve as well.”

      Not Nearly Enough Citations?

      Access Now’s report records that from May 2018 to March 2020, authorities levied a mere 231 fines and sanctions, while as many as 144,376 complaints were filed between May 2018 and May 2019.

      These figures indicate the EU needs to start bolstering DPA resources apace, particularly when taking into account the huge disparity of resources between data-protection authorities and companies they oversee.

      The lack of cooperation between DPAs also has threatened to undermine the GDPR’s long-term capacity to change private-sector norms and practices with regard to data protection, the report warned. 

      Despite the persistent challenges to implementation, Massé noted one of the most exemplary successes of the regulation has been the global conversation around data privacy that it has sparked.

      The GDPR regulation has put data protection at the heart of many debates, including at the center of Coronavirus tracing app development, and brought attention to how much people are concerned about data privacy and protection.

      Brexit Has Impacted GDPR

      In addition to the COVID-19 pandemic, which has raised a series of data privacy concerns as governments try to contain the outbreak, Massé noted the United Kingdom’s decision to leave the EU also has consequences for the application of the GDPR and implications for the protection of personal data in Europe.

      “The issue we’re facing now is that the full scope of GDPR is not being used,” she said. “There are still mechanisms that need to be tested. Europe really led the way on how to protect personal data—on paper. Now we need to make sure this is delivered in practice.”  

      Nathan Eddy is a longtime eWEEK contributor based in Berlin.

      Nathan Eddy
      Nathan Eddy
      A graduate of Northwestern University's Medill School of Journalism, Nathan was perviously the editor of gaming industry newsletter FierceGameBiz and has written for various consumer and tech publications including Popular Mechanics, Popular Science, CRN, and The Times of London. Currently based in Berlin, he released his first documentary film, The Absent Column, in 2013.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×