How GDPR fails | WIRED UK

But at Big Tech levels where data is abundant, the extent of GDPR compliance is different. A recent internal Facebook document obtained by Motherboard suggests that the company doesn’t really know what it does with your data— a claim that Facebook denied at the time. Likewise, a WIRED and Reveal joint investigation at the end of 2021 found serious flaws in the way Amazon handles customer data. (Amazon said it has an “exceptional” record on data protection.)

Microsoft declined a request for comment. Neither Google nor Facebook provided comments in time for publication.

“There is a backlog, especially on Big Tech, in Big Tech law enforcement – ​​and Big Tech means cross-border cases, and that means the one-stop-shop and cooperation between data protection authorities “, says Ulrich Kelber, the head of the German federal data protection regulator. The one-stop-shop allows all European regulators to have a say in the lead regulator’s final decision in this matter, which can then be challenged. Ireland’s WhatsApp fine increased of the initially proposed fine of barely 30 million euros (31.8 million dollars) to 225 million euros (238.5 million dollars) after the intervention of other regulators. Another Irish case against Instagram is currently being discussed, according to Dixon, which will add months to its final outcome.

The One Stop Shop was created under the GPDR, which means the process started off with some teething problems, but four years later there is still a lot to improve. Tobias Judin, head of international at the Norwegian Data Protection Authority, says that every week several draft decisions are circulated among European data regulators. “In the vast majority of these cases, we actually agree,” Judin says. (German authorities object the most.) Decisions can face a lot of back and forth between regulators, wrapped in bureaucracy. “We are wondering whether in cases that have an impact on a European scale it makes sense and whether it is possible for these cases to be dealt with by a single data protection authority until we reach the stage of the decision,” says Judin.

Luxembourg’s data regulator fined Amazon a record 746 million euros ($790.6 million) last year, its first case against the retailer. Amazon is challenging the fine in court – in a statement to WIRED, the company repeated its claim that “there was no data breach and no customer data was exposed to any third party” – but the Luxembourg regulator says investigations will always be lengthy although it is bringing new ways to investigate companies. “I think that in less than a year or a year and a half, I think it is almost impossible to have it closed before such a delay,” says Alain Herrmann, one of the four Luxembourg commissioners at the Data protection. “There are huge [amounts of] information to process. Herrmann says Luxembourg has a few other international affairs going on, but national secrecy laws prevent him from discussing them. “It’s just the [one-stop-shop] system, lack of resources, lack of clear laws and procedures, which makes their job even more difficult,” says Robert.

Comments are closed.