The European Union will strengthen the monitoring of cases of confidentiality violations. Member States will have to be more transparent.
The European Union is ready to take tough action against Big Tech’s privacy breaches, but the reliance on individual countries to enforce GDPR clauses has resulted in files being dragged out over time and penalties very often too modest. However, there should soon be more pressure to act more decisively. The European Commission now requires member states to share reviews of their GDPR investigations every two months. This includes “significant procedural steps”and actions taken. Therefore, regulators in different countries will have to demonstrate that they are taking action.
The European Union will step up monitoring of privacy violations
The tougher approach comes after a European ombudsman recommended more scrutiny of major technology cases that fall under the Irish Data Protection Commission, which regulates Meta and many other industry giants. The Irish Council for Civil Liberties (ICCL) has filed a complaint with the European Ombudsman, accusing the Irish Commission of being too wait-and-see and too lenient on privacy violations. Just a few weeks ago, the European Data Protection Board forced Ireland to increase the penalty against Meta, increasing it from 28 million euros to 390 million euros.
Member States will need to be more transparent
As noted by Bloomberg, the European Commission has been publishing reports every two years on the overall status of GDPR compliance. However, it does not conduct a detailed and frequent analysis of the activities of the regulators in each country. This new obligation should, in theory, hold all members of the European Union liable if they delay their investigations or fail to enforce the law when necessary. This may have legal implications in the Court of Justice of the European Union.
Opponents are unlikely to be enthusiastic about this requirement of transparency. Ireland and other countries will share their progress on a “strictly confidential basis”, the Commission said. Therefore, the general public may not know if a regulator is mishandling a particular file unless the European Union takes appropriate visible action. In any case, this may encourage Meta, Amazon, Google and the like to take European privacy laws more seriously. Investigations should be faster and fines bigger.