GDPR authorities accused of ‘inactivity’ – Computerworld

Proceedings take too long

The idea that the GDPR has brought about a shift towards a serious approach to data protection has largely proven to be wishful thinking, according to a statement from noyb. “European data protection authorities have all the necessary means to adequately sanction GDPR violations and issue fines that would prevent similar violations in the future,” Schrems says. “Instead, they frequently drag out the negotiations for years — only to decide against the complainant’s interests all too often.”

The activists speak of a specific phenomenon in data protection. in 2022, for example, the Spanish data protection authority received 15,128 complaints. However, only 378 fines were imposed — including obvious violations such as unanswered requests for information or illegal cookie banners, which could theoretically be dealt with quickly and in a standardized manner. Those responsible at noyb cite the following as a comparison: 3.7 million speeding tickets were issued in Spain in 2022. Similar ratios would apply to practically all other EU member states.

“Somehow it’s only data protection authorities that can’t be motivated to actually enforce the law they’re entrusted with,” criticizes Schrems. “In every other area, breaches of the law regularly result in monetary fines and sanctions.” Data protection authorities often act in the interests of companies rather than the data subjects, the activist suspects.