The bloc’s privacy regulator laments the lax enforcement by the member states.

Cross-border Big Tech privacy cases should be handled by the EU watchdog rather than national agencies, the head of the bloc’s data protection watchdog said on Friday. According to Reuters, he went on to lament the poor enforcement of landmark rules adopted four years ago.

The rules known as the General Data Protection Regulation (GDPR) have drawn criticism over the costs of compliance and long-running investigations with few decisions. The Irish regulator — which oversees Google, Meta, Apple, Microsoft, and Twitter — has particularly come under fire for its slow pace of enforcement.

A push for centralized enforcement

One solution could be to hand over big cases to the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) which oversees EU institutions, EDPS head Wojciech Wiewiorowski said.

“I myself share views of those who believe we still do not see sufficient enforcement, in particular against Big Tech”, he told at a conference. “At a certain moment, a pan-European data protection enforcement model is going to be a necessary step to ensure real and consistent high-level protection of fundamental rights to data protection and privacy across the European Union.”

He said this could mean that key investigations, based on a certain threshold, would be done at a central level, and subject to direct scrutiny of Europe’s top court. Empowering the EDPB to take on Big Tech cases directly would mean changing GDPR rules. The European Commission is unlikely to do so under the current leadership because of insufficient time, a European Commission official told Reuters.