General Data Protection Regulation (GDPR) , Governance & Risk Management , Privacy

Europe Will 'Streamline' Cross-Border GDPR Enforcement

European Commission Anticipates 'Cooperation' Proposal After March
Europe Will 'Streamline' Cross-Border GDPR Enforcement
The Berlaymont building in Brussels, which houses the European Commission (Image: Dimitris Avramopoulos/CC BY-SA 2.0)

The European Commission is preparing a proposal mandating more cooperation among national government agencies charged with enforcing the continent's General Data Protection Regulation. Details of the proposal are scarce. The commission only has stated that it plans sometimes after March to publish a proposed rule meant to "streamline cooperation between national data protection authorities."

See Also: The Ultimate PIA and DPIA Handbook for Privacy Professionals

The GDPR, which came into effect in 2018, is among the world's toughest privacy rules, and major companies including Facebook and Google have been fined millions of euros for violations. The rule allows data protection authorities to levy fines of up to 4% of a company's global annual turnover. International law firm CMS estimates European data protection authorities have imposed GDPR fines totaling more than 2 billion euros so far.

Nationally driven enforcement of the regulation has emerged as a sore point for some during the GDPR's first half decade, and critics especially have called out the Irish Data Protection Authority. A slew of American tech companies - including Google, Facebook, Microsoft, PayPal and Salesforce - have their European or international headquarters in Dublin, giving the Irish data protection authority jurisdiction over their privacy practices. Critics contend the Irish commission soft-pedals enforcement against tech companies - an assertion Irish commission head Helen Dixon has contested, pointing to "very significant sanctions" and the complexity of the regulation.

The European Commission in January took steps to flex its authority, telling national data protection authorities to send periodic reports detailing "large-scale cross-border investigations."

The European Data Protection Board, the pan-European agency charged with ensuring consistent application of the GDPR, is embroiled in a fight with the Irish commission stoked by its December decision to order the Irish authority into a fresh investigation of WhatsApp to determine if the app's use of behavioral marketing violates the GDPR.

The Irish authority says the board lacks the authority to order investigations. "The EDPB does not have a general supervision role akin to national courts in respect of national independent authorities and it is not open to the EDPB to instruct and direct an authority to engage in open-ended and speculative investigation," it wrote, stating that it could take the matter before the Court of Justice of the European Union.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.