How GDPR Is Failing | WIRED

The French data regulator has somewhat sidestepped the international GDPR process by directly pursuing companies' use of cookies. Despite common belief, annoying cookie pop-ups do not come from the GDPR; they are governed by the EU’s separate e-privacy law, and the French regulator has taken advantage of it. Marie-Laure Denis, the head of the French regulator CNIL, has hit Google, Amazon and Facebook with heavy fines for bad cookie practices. Perhaps most importantly, it has forced companies to change their behavior. Google is modifying its cookie banners across Europe following the French enforcement action.

“We’re starting to see really concrete changes in digital ecosystems and the evolution of practices, which is really what we’re looking [for],” Denis explains. She says the CNIL will then examine the collection of data by mobile applications under the e-privacy law, and data transfers to the cloud under the GDPR. The effort to apply cookies did not go “We still believe in the mechanism of application of the GDPR, but we need to make it work better and faster.”

In the last year, there have been growing calls to change the way the GDPR works. “The application should be more centralized for big business,” Viviane Reding, the politician who proposed the GDPR in 2012, said of the data law in May last year. The calls came as Europe passed its next two major pieces of digital regulation: the Digital Services Act and the Digital Markets Act. The laws, which focus on competition and Internet security, treat enforcement differently from the GDPR; in some cases, the European Commission will investigate large technology companies. The move is a nod to the fact that the implementation of the GDPR may not have been as smooth as politicians would have liked.

There seems to be little desire to reopen the GDPR itself; however, minor tweaks could help improve its application. At a recent meeting of data regulators held by the European Data Protection Board, a body that exists to guide regulators, countries agreed that some international cases would run to set timelines and deadlines, and said they would try to “join forces” on some investigations. Norway's Judin says the measure is positive, but questions its effectiveness in practice.

Access Now’s Massé says a small amendment to the GDPR could significantly address some of today’s most important enforcement issues. Legislation could ensure that data protection authorities treat complaints in the same way (including the use of the same forms), explicitly state how the one-stop shop should work, and ensure that procedures in each country are the same, says Massé. In short, it could clarify how the implementation of the GDPR should be managed in each country.

The view is also shared by data regulators, at least to some extent. France's Denis says regulators should share more information, more quickly, about cross-border cases so they can create an informal consensus on a potential decision. “The Commission could also, for example, examine the resources given to data protection authorities,” says Denis. “Because it is the duty of a Member State to give sufficient resources to data protection authorities to carry out their functions.” The staff and resources that regulators need to investigate and enforce are dwarfed by those of Big Tech.

“Potentially, if there was the possibility of some kind of GDPR-specific instrument, which is a legal instrument, specifying certain processes and procedural issues, that could help,” says Ireland's Dixon. Dixon adds that complications that could be resolved include problems with access to files during investigations, whether complainants have access to the investigation process, and translation problems. “There’s a whole range of inconsistencies around that, which lead to delays and dissatisfaction on all sides,” Dixon says.

Without some changes and strong enforcement, civil society groups warn that the GDPR may not stop the worst practices of Big Tech companies or improve people’s sense of privacy. “What needs to be addressed immediately is Big Tech companies,” Ryan says. “If we can’t deal with Big Tech, we’re going to create a permanence in the fatalism that people feel about privacy and data.” Four years later, Massé says there is still hope for the implementation of the GDPR. “It’s not really what we expected. But it’s not in a place where I think we can start digging a grave for the GDPR and forget about it.”
