The GDPR Is Full Of Holes, Canadian Report Says

The EU’s GDPR has numerous flaws that preclude its use as a model for Canada -- and probably the United States, judging by Privacy Law Pitfalls: Lessons Learned from the European Union, a study by the Canadian Marketing Association (CMA). 

The GDPR, which took effect in 2018, “has proven after more than three years to be much better in theory than in practice,” states John Wiltshire, president and CEO of the CMA. 

Based on studies researched by the CMA, the GDPR’s many pitfalls include: 

  • Staggering regulatory burden — Governments lack the human, financial and technical resources to enforce the GDPR, according to 21 European countries surveyed by the European Data Protection Board.
  • Stifled innovation and growth — Companies have diverted sources that would been better applied to more meaningful privacy protections and innovation. That includes 23% who cited hampered plans to create new products and 22% who sought to fuel growth through international expansion. 
  • Disproportionate impact on SMEs — Small businesses have faced challenges in interpreting the GDPR even while consumer data is critical to their ability to compete and contribute to local economic growth. 
  • Complexity for consumers — EU consumers are suffering from increased “consent fatigue.” They are less likely to carefully review notices and make informed decisions, and face a slow resolution process in cross-border cases. 

Canada is expected to update its private-sector privacy law this spring, but clearly will not replicate the GDPR. The new law would replace the Personal Information Protection and Electronic Documents Act (PIPEDA), needs updating after serving for over a decade.

“The GDPR’s pitfalls show us that rigidity and complexity create extensive hurdles for businesses, governments and consumers alike, and Canada needs to take a more proportionate and less burdensome approach.” Wiltshire says.


Next story loading loading..