Today, 4 July, the European Commission has presented a new regulation aimed at strengthening enforcement of the General Data Protection Regulation (GDPR), which came into application five years ago. This flagship human rights law was intended to help people across the EU protect their data, but with regulators struggling to enforce the law, its success hangs in the balance.
To remedy this situation, Access Now had already joined partner organisations and data protection regulators in asking the European Commission to increase resources for EU national data protection authorities (DPAs) and to propose new legislation to tackle enforcement challenges. While the proposed regulation clarifies how DPAs should work together, it also places limits on how people can participate in complaints they bring to DPAs around misuse of their data.
Until now, GDPR complaints have been resolved slowly and variably across the EU. While the GDPR established a cooperation mechanism for DPAs to work together on cross-border cases, most DPAs have continued to rely on national administrative procedures to operate within this system, resulting in a fragmented and delayed application of the law. Among other measures, the regulation proposed today partly harmonises procedures for all DPAs to follow, to ensure consistency and minimise discrepancies.
Access Now looks forward to contributing to debates in the months ahead, to ensure this new regulation realises the ultimate goal of the GDPR: putting people in charge and at the centre of decisions about what happens to their data.
For more information on what this new proposal should include to protect people’s rights, read Access Now’s report, Five years under the EU GDPR: Becoming an enforcement success.