Brussels, BE – On June 24, the European Commission presented its report on the application of the General Data Protection Regulation. The law, which came into effect two years ago, is a landmark data protection framework that has positioned the European Union as a global standards setter for safeguarding the use of personal data.
Many of the findings and proposals highlighted by the Commission are in line with recommendations made by Access Now in our 2019 and 2020 reports on the application of the GDPR. First, the Commission’s report finds that while the GDPR strengthens people’s rights, the enforcement of the law could be improved.
The GDPR faced one of the most aggressive lobbying efforts against a piece of legislation in the EU: the debate and negotiations lasted for nearly five years, and after more than 3,000 amendments were made, it emerged as a flagship law for protecting data in the digital era. Even after its 2016 adoption, industry lobbying against it never really ceased, which is a contributing factor as to why today’s report by the European Commission has been so highly anticipated. Many business operatives evidently hoped the review process would lead to a re-opening of the law. Thankfully, the GDPR and its vital and necessary protections live on.
The GDPR has played a crucial role in raising awareness around why data protection matters, how often our personal data are misused, and how people can now exercise their rights and seek remedy for these violations. Unfortunately, enforcement of the GDPR has severely lagged. As we reported in May, Data Protection Authorities have been crippled by a lack of resources, tight budgets, and administrative hurdles, and have been unable — or sometimes, unwilling —to enforce the GDPR adequately. The European Commission reached similar conclusion in its report. Importantly, the Commission notes that it is ready to use “infringement procedures” to ensure that national governments comply with the GDPR. This call was made by the European Parliament and supported by Access Now.
“The EU and its states have invested a lot of time and energy in adopting the GDPR. The EU must put its money where its mouth is and invest the resources necessary to realise the promise of the GDPR,” said Estelle Massé, Senior Policy Analyst and Global Data Protection Lead at Access Now.
Finally, the Commission specifically highlights that the GDPR should not be abused to curtail press freedom. In our 2020 report, Two years under the GDPR, we detailed how in Poland, Romania, Hungary, and Slovakia, courts and authorities have been abusing the GDPR to curtail investigative journalism or target civic tech NGOs by pressuring outlets to reveal their sources. We called on the Commission to launch infringement procedures in countries where these abuses would occur.
Read Access Now’s report – Two Years Under the GDPR
Note: Access Now is a member of the European Commission Multistakeholder Expert Group on the implementation of the GDPR and contributed to Annexes of the Commission’s report in that capacity.