GDPR Enforcement Falls Short Against Big Tech, Report Reveals

Key Challenges in Cross-Border Data Protection

A new report by Beuc, Europe’s leading consumer protection group, highlights significant barriers in enforcing the General Data Protection Regulation (GDPR) against tech giants. The findings underscore systemic delays and inefficiencies, particularly in cross-border cases involving companies like Google.

The Google Location Data Case: A 2-Year Standstill

  • November 2018: Beuc members filed complaints against Google’s location data practices.
  • February 2020: Ireland’s Data Protection Commission (DPC)—Google’s lead EU regulator—finally opened an investigation.
  • Today: No resolution has been reached, while Google continues generating billions in ad revenue ($251 billion since 2018).

“Since 2018, legal cases in 🇪🇺, 🇺🇸 &🇦🇺 have been launched against Google… Since then, nothing happened.”@beuc

Why the Delay?

  1. Ireland’s DPC Backlog:
    • Zero cross-border GDPR decisions issued in 2.5 years.
    • Over 20 ongoing probes into Apple, Facebook/WhatsApp, LinkedIn, and Google.
  2. Procedural Hurdles:
    • Unnecessary admissibility checks.
    • Limited third-party redress under Irish law.
  3. Inquiry Scope: The DPC’s probe only covers Google’s practices since February 2020, ignoring 15 months of contested activity.

Contrast with France’s CNIL

  • January 2019: France fined Google $57 million for GDPR violations.
  • June 2020: French courts upheld the penalty after Google’s appeal failed.

Note: This case predated Google’s shift to Ireland’s jurisdiction.

EU Acknowledges Enforcement “Bottlenecks”

Thierry Breton, EU’s Internal Market Commissioner, admitted GDPR enforcement faces challenges. The European Commission aims to avoid similar issues with the upcoming Data Governance Act (DGA), which mirrors GDPR’s oversight structure.

Beuc’s Recommendations for Reform

  1. Faster Interventions: DPAs must act swiftly to curb abuses.
  2. Stronger Consumer Protections: Address imbalances in cross-border legal proceedings.
  3. Joint EU-National Efforts: Improve coordination to resolve cases efficiently.

“The GDPR must finally show its strength and become a catalyst for change.” — Beuc Report

What’s Next?

  • The Irish DPC defends its “real-time” investigation approach.
  • The EU pledges to enhance GDPR enforcement through bilateral talks and potential infringement procedures.

For deeper insights, read the full report: “The Long and Winding Road”.

Updates:

  • The DPC clarified its “forward-looking” inquiry strategy.
  • The Commission reaffirmed commitments to GDPR improvement in its 2020 evaluation.
Remaining 0% to read
All articles, information, and images displayed on this site are uploaded by registered users (some news/media content is reprinted from network cooperation media) and are for reference only. The intellectual property rights of any content uploaded or published by users through this site belong to the users or the original copyright owners. If we have infringed your copyright, please contact us and we will rectify it within three working days.