New data from Brave show that European governments have not equipped their national authorities to enforce the GDPR.
Brave presents Europe’s governments are failing the GDPR, a report on data protection authorities’ (DPAs) capacity to enforce against tech infringements of the GDPR.
Two years after the GDPR was first applied, the GDPR is now in danger of failing. Today, Brave reveals why: the governments of EU Member States have not given data protection authorities (DPAs) the tools they need to enforce the GDPR.
Brave has examined the number of tech specialists working in each DPA in the European Economic Area. (These are tech investigations who have training or roles that are principally technical.) Our data reveal just how few expert tech investigators are working to uncover private sector GDPR infringements. Even when wrongdoing is clear, DPAs hesitate to use their powers against major tech firms because they can not afford the cost of legally defending their decisions against ‘Big Tech’ legal firepower. Even when wrongdoing is clear, DPAs hesitate to use their powers against major tech firms because they can not afford the cost of legally defending their decisions against ‘Big Tech’ legal firepower.
“If the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities”, said Dr Johnny Ryan of Brave.
“Robust, adversarial enforcement is essential. GDPR enforcers must be able to properly investigate ‘big tech’, and act without fear of vexatious appeals. But the national governments of European countries have not given them the resources to do so. The European Commission must intervene.”