The EU’s GDPR has numerous flaws that preclude its use as a model for Canada -- and probably the United States, judging by Privacy Law Pitfalls: Lessons Learned from the European Union, a
study by the Canadian Marketing Association (CMA).
The GDPR, which took effect in 2018, “has proven after more than three years to be much better in theory than in practice,”
states John Wiltshire, president and CEO of the CMA.
Based on studies researched by the CMA, the GDPR’s many pitfalls include:
- Staggering regulatory
burden — Governments lack the human, financial and technical resources to enforce the GDPR, according to 21 European countries surveyed by the European Data Protection
Board.
- Stifled innovation and growth — Companies have diverted sources that would been better applied to more meaningful privacy protections and innovation. That includes
23% who cited hampered plans to create new products and 22% who sought to fuel growth through international expansion.
- Disproportionate impact on SMEs — Small
businesses have faced challenges in interpreting the GDPR even while consumer data is critical to their ability to compete and contribute to local economic growth.
- Complexity for consumers — EU consumers are suffering from increased “consent fatigue.” They are less likely to carefully
review notices and make informed decisions, and face a slow resolution process in cross-border cases.
advertisement
advertisement
Canada is expected to update its private-sector privacy law this
spring, but clearly will not replicate the GDPR. The new law would replace the Personal Information Protection and Electronic Documents Act (PIPEDA), needs updating after serving for over a
decade.
“The GDPR’s pitfalls show us that rigidity and complexity create extensive hurdles for businesses, governments and consumers alike, and Canada needs to take a more
proportionate and less burdensome approach.” Wiltshire says.