More than 4 years after the GDPR was adopted, and nearly 2 years after it became fully enforceable on 25 May 2018, @DPCIreland, the EU authority responsible for enforcing the GDPR against most of big tech, announced its first two 'draft' decisions: https://www.cnet.com/news/twitter-and-whatsapp-in-firing-line-as-ireland-submits-first-draft-gdpr-decisions
Better late than never, and both cases are interesting. But both don't go to the heart of today's surveillance business models, and many complaints and potential GDPR violations still remain unaddressed.
Pragmatically, under the given circumstances, the delay is perhaps unavoidable. EU data protection authorities are dramatically under-resourced, and they cannot take the risk of year-long appeal procedures against multi-billion dollar companies.
Practically, it's a disaster.
The tech industry has greatly benefited from non-enforcement, and still does. Violating people's rights and freedoms is not even a 'cost of doing business'.
Here's what I told TechCrunch in January about the state+implications of GDPR non-enforcement:
https://techcrunch.com/2020/01/17/privacy-experts-slam-uks-disastrous-failure-to-tackle-unlawful-adtech/
The GDPR is a compromise. But I still think it's by far the best of all insufficient approaches to safeguarding rights in the age of pervasive data exploitation globally.
And although under-resourced, many EU data protection authorities do a great job in very different areas.
But enforcement in major (and very relevant+visible) areas from #bigtech to #adtech is a total fail.
The EU and member states should have invested massive resources already from 2016 on, in order to be able to act both forcefully and robustly after 2018.
They must do so now.
To emphasize this once more, many EU dp authorities do impressive work at the local level. I recommend e.g. reading some annual reports of German state DPAs, they're arbitrating personal data processing in SO many areas of society, very worthy.
Yet, this is all doomed if not...
See also this thread, including official info by @DPCIreland: https://twitter.com/FantaAlexx/status/1264138777762705408