Skip to content
News
EN

EU pledged to improve GDPR cooperation - and made it worse

noyb - European Center for Digital Rights

Content

National Administrative Procedures and DPA inactivity As of 2018, the GDPR is supposed to ensure that Europeans enjoy privacy rights throughout the entire EU. However, when people's rights are violated by companies based in another EU/EEA Member State, complaints are dealt with through a complex "cooperation mechanism" between the Data Protection Authority (DPA) in the users' Member State and the DPA in the company's Member State. This enforcement mechanism is at the core of the generally acknowledged enforcement failure of the GDPR. Complaints get lost, decisions take years and there is virtually no possibility to act against inactive DPAs. The EU has ventured to solve this through a "GDPR Procedural Regulation". But it becomes clear now, that it is about to fail miserably. The final so-called “trilogue” negotiations between the European Parliament, the Member States and the European Commission has led to a legislative mess that will likely make procedures more complex, slower and pro