Tech

Hamburg privacy boss calls for overhaul of EU privacy rules

Europes landmark privacy rules must be overhauled to ensure proper enforcement and protection of peoples rights, Johannes Caspar, a leading German regulator, said ahead of the laws two-year anniversary.

Failure to enforce the rules against big companies and a lack of cooperation between regulators have fundamentally undermined the General Data Protection Regulation (GDPR), the head of Hamburgs data protection authority told POLITICO.

“Im completely critical of the enforcement structure of the GDPR,” said Caspar, whose office is in charge of overseeing the German activities of several Silicon Valley firms. “The whole system doesnt work.”

His comments come as the blocs privacy enforcers have yet to agree on almost any penalties against large firms for potential abuse. The law passed in May of 2018 allows for penalties amounting to as much as 4 percent of a firms annual revenues in the event of a breach and has become a template for countries around the world, yet so far no blockbuster fines have been announced.

On Friday, Irelands privacy watchdog, in charge of overseeing firms like Google, Facebook, Twitter and Apple, said it had finished an investigation into Twitter, its first major move against a Big Tech company under Europes new privacy standards.

“Every month that goes by, another [international] case goes into the case register. Were postponing them until they are forgotten” — Johannes Caspar, German regulator

The draft decision, details of which were not disclosed, will now be circulated among other European privacy regulators for approval, with a final decision in that case expected late next month. Dublin also said it was close to finishing a separate privacy investigation into WhatsApp, the internet messenger owned by Facebook.

The Twitter decision is unlikely to quell disagreements between Europes community of 27 privacy regulators over enforcement against multinationals in technology, banking or other industries. Caspar has been one of the blocs most outspoken critics of the current system, under which Irelands watchdog is a key player due to the fact that many Silicon Valley firms are based in the country.

So far, Frances data protection agency issued a €50 million fine against Google in early 2019, which the search giant is appealing. The United Kingdoms regulator also said it would slap British Airways and Marriott International, the hotel chain, with a collective £282 million fine, though the ruling has been mired in legal uncertainty.

Bottomless pit

Caspar said EU agencies must be allowed to work with each other on international cases to avoid delays that can undermine peoples rights.

Under the current system, only the watchdog in the country where the company is legally established has the authority to investigate potential abuses. Other regulators are allowed to weigh in via cooperation mechanisms and must approve the final penalty.

“Time is a core issue in our digital world,” Caspar said. “Every month that goes by, another [international] case goes into the case register. Were postponing them until they are forgotten.”

Despite his calls for change, Commission officials already have confirmed they will not change the enforcementRead More – Source