Beuc, the European consumer protection umbrella group, published a new report on the obstacles standing in the way of effective cross-border enforcement of the EU’s flagship data protection plan.
The report makes for awkward reading for lawmakers and regulators as they work towards a comprehensive way to shape Europe’s future of oversight.
Beuc members filed complaints protesting Google’s use of location data in November 2018, but it has been two years now, and nothing has been done. The tech giant is still making billions in ad revenue, including processing and monetizing data collected from internet users.
Taming big tech could take years
Finally, in February this year, the lead data protection supervisor GDPR mechanism enabled Ireland’s Data Protection Commission (DPC) to open an investigation. The depressing part is that Google could still keep doing what it does without regulatory action for years before anything happens.
The reason for the holdup is because the DPC has not yet issued any cross-border GDPR decisions, two and a half years after the regulation was put into action.
Recently though, a Twitter data breach case moves ever so slightly towards a result that could arrive very soon.
France epitomizes efficiency
Contrast all of this with France, where the data watchdog CNIL finished its GDPR investigation into Google’s data processing transparency very quickly. Furthermore, this summer saw French courts confirm a $57 million fine after the investigation, denying Google’s appeal.
The case, however, predates Google coming under the jurisdiction of the DPC. Meanwhile, Ireland’s regulator has had to contend with many multinational tech companies, considering how many have decided to establish their EU head offices in the country.
They have a significant backlog of cross-border cases, and only time will tell if anything will change.