Call it toothless or a paper tiger, but Europe’s GDPR is not being enforced, Politico argues in an article.
Politico asserts that, “Aside from a €50 million fine that France's privacy regulator imposed on Google in January, there have been no fines or remedies levied at a U.S. giant since the GDPR came into effect.”
The report quotes an unnamed spokesperson for Hamburg’s data protection authority that, "After nearly one and a half years we must concede that we have a huge problem with the enforcement of cross-border processing, especially by globally acting companies."
The spokesperson continues, “It is absolutely unsatisfactory to see that the biggest alleged data protection violations of the last 15 months with millions of individuals [concerned] are far away from being sanctioned."
However, there’s no blame to be shared: “Irish privacy chief Helen Dixon told Politico that 'the delays have to do with the complexity of enforcing a new law.'”
Among the obstacles to rigorous enforcement are a bureaucratic logjam, a tendency by some authorities to engage rather than legally confront, and a lack of transparency and cooperation between data authorities, the article continues.