GDPR two years on: To ensure data protection for EU citizens, Data Protection Authorities must be equipped to do their job
Reacting to the European Commission's first review of the application of the EU General Data Protection Regulation (GDPR) published today, Renew Europe MEPs voiced their criticism of the inadequate enforcement throughout the bloc. The rules which came into force in 2018, created first class data protection for Europeans and quickly set the world standard, but the lack of financial and human resources allocated to the national data protection authorities (DPAs) prevent it from achieving its intended effects. Two years on, we urge the Commission and the Member States to step up their efforts and ensure national data protection enforcement alignment across the EU27. By the end of this year at the latest, all DPAs must be fully up to speed and dispose of the necessary means to carry out their tasks and enforce the regulation. The GDPR may well be the cornerstone of protecting our citizens' data, but it is only one of the tools that Europe urgently needs to improve on. The sluggish implementation of the Data Protection Law Enforcement Directive raises serious questions, while an agreement on e-Privacy could not come soon enough, to complement the GDPR.
MEP Sophie in 't Veld, Renew Europe's LIBE committee Coordinator said:
"The total budget of all data protection authorities in the EU is 325 million euros. That is the equivalent of Facebook's revenue in Europe in a little more than a week. Only four data protection authorities in the EU have more than 10 tech specialists. Underfunded privacy watchdogs in small countries like Ireland and Luxemburg have to keep an eye on American tech giants on behalf of the entire EU. I am very concerned about this unequal battle. The European Commission needs to urgently decide whether it values the protection of EU citizens most, by taking steps against governments that systematically refuse to provide sufficient resources to the data protection authorities."
MEP Moritz Körner, Member of the LIBE committee commented:
"The GDPR has so far failed to achieve its goals. National data protection authorities are the main bottleneck hampering effective enforcement. The EU Commission's criticism of the insufficient funding of national data protection authorities is therefore correct. The systematic inaction or delay tactics of some data protection authorities must be remedied as soon as possible through infringement proceedings."