Cross-border Big Tech privacy cases should be handled by the EU watchdog rather than national agencies, the head of the bloc’s data protection watchdog has said, as he lamented the poor enforcement of landmark rules adopted four years ago. The rules known as the General Data Protection Regulation (GDPR) have drawn criticism over the costs of compliance and long-running investigations with few decisions.
The Irish regulator, which has oversight of Google, Meta, Apple, Microsoft and Twitter, has in particular come under fire for its slow pace of enforcement. One solution could be to hand over big cases to the European Data Protection Board (EDPB) whose members are national privacy regulators and the European Data Protection Supervisor (EDPS) which oversees EU institutions, EDPS head Wojciech Wiewiorowski said.
“I myself share views of those who believe we still do not see sufficient enforcement, in particular against Big Tech,” he told a conference. “At a certain moment, a pan-European data protection enforcement model is going to be a necessary step to ensure real and consistent high-level protection of fundamental rights to data protection and privacy across the European Union,” Wiewiorowski said. He said this could mean that key investigations, based on a certain threshold, would be done at a central level, in essence the EDPB, and subject to direct scrutiny of Europe’s top court.
Empowering the EDPB to take on Big Tech cases directly would mean changing GDPR rules, a move which the European Commission is unlikely to do under the current leadership because of insufficient time, a European Commission official told Reuters.