Europe’s Privacy Law Hasn’t Shown Its Teeth, Frustrating Advocates.
Titled, “Europe’s Privacy Law Hasn’t Shown Its Teeth, Frustrating Advocates,” Satariano describes the lack of enforcement that should be seen now of what was thought to be a groundbreaking international policy. Most shockingly the country at the center of the IT world, Ireland, has 127 ongoing investigations, but zero penalties have been issued. In addition to this, offices running investigations and answering violation complaints are severely underfunded, making it difficult to monitor giant technology companies under stringent guidelines. While companies like Facebook say they are committed to following the rules laid out in the General Data Protection Regulation, they are most recently suspected of sharing data between individual companies within the conglomerate. Meanwhile, Google has been the only major tech company to be fined, a hefty sum of 50 million euros. Unfortunately, that is one-tenth of Google’s daily sales. GDPR has even fewer teeth now, as the coronavirus pandemic has allowed authorities and employers to use personal data for tracking reasons, all without the data subject’s consent. This is now an essential aspect of containment strategies with member states. While this may seem a good idea to many considering the current situation, it sets a dangerous precedent. Published in April of 2020, Satariano writes that this regulation has a long way to go to accomplish its goals.
Awareness of the current lack of enforcement of the GDPR does not compel companies to abide by the law. This will allow an organization that heavily processes personal data to invest less in GRC and to move slowly in reaching the ultimate goal of GDPR. If there are minimal or no penalties at all from the European Union, there is little reason for companies to expend the resources to follow the guidelines. This limits an organization’s responsibilities to appear compliant on the surface level, but not change current processes as there are very few in-depth investigations. If a citizen asks for their data, a company is likely to comply for reasons of their public image and risk of court cases, but practices concerning general usage of data are less likely to change. Even if found guilty, the once promised hard-hitting penalties will not hit as hard.
