EU privacy enforcement not working, says GDPR architect

Tensions building over lengthy investigations by Irish regulator

Meta’s headquarter building in Dublin. Photograph: Dara Mac Dónaill/The Irish Times

Meta’s headquarter building in Dublin. Photograph: Dara Mac Dónaill/The Irish Times


European Union privacy enforcement still isn’t working according to plan and changes may be needed, according to one of the architects of the sweeping General Data Protection Regulation (GDPR).

“I am not satisfied,” Vera Jourova, the European Commission’s vice president for values and transparency, warned at a conference on Thursday. “We see gaps” and “we see that some data protection authorities in some member states are understaffed, not equipped with sufficient budget, not supported with sufficient political support from the governments.”

Tensions have been building among data watchdogs over the amount of time the Republic’s Data Protection Commission is taking to complete investigations of big US tech companies with EU bases here – including Meta’s Facebook and Apple. Ms Jourova told Bloomberg in March that the agencies need to sort out “public squabbles”.

Clear message

“My message is clear: if this decentralised system for enforcement” under the GDPR, “which was meant to be a strong tool, especially in the hands of the individual people, if this does not work, then we will have to propose changes,” said Ms Jourova.

GDPR, which took effect in 2018, empowers EU data regulators to levy penalties of as much as 4 per cent of a company’s annual revenue for the most serious violations. The Data Protection Commission has fined Twitter €450,000 and in September ordered Facebook’s WhatsApp to pay €225 million for failing to be transparent about how it handled personal information. – Bloomberg