How GDPR Is Failing

Several early and complex GDPR complaints have led to backlogs at regulators, and paperwork has slowed down international cooperation.

• Since May 2018, the Irish regulator, responsible for Meta's Facebook, WhatsApp, and Instagram, plus all of Google's services, Airbnb, Yahoo, Twitter, Microsoft, Apple, and LinkedIn, has completed 65 per cent of over 400 cases involving cross border decisions.
• Other cases against Netflix (Netherlands), Spotify (Sweden), and PimEyes (Poland) have been ongoing for years.

Yet Europe's data regulators claim GDPR enforcement is working well and improving.

Despite enforcement problems, GDPR has had an incalculable effect on data practices broadly.

• EU countries have made decisions in thousands of local cases and issued guidance to organizations to say how they should use people’s data.
• Some of GDPR’s impact is also hidden. For example, it has improved company behaviours. Companies have stopped using people’s data suspiciously when they wouldn’t have thought twice about it before GDPR.

At Big Tech levels where data is plentiful, the scale of complying with GDPR is different.

A recent internal Facebook document hints that the company doesn't really know what it does with personal data. Similarly, serious shortcomings are present in the way Amazon handles customer data.

• Enforcement should be more centralised for big affairs instead of being funnelled to the country where Big Tech's main European headquarters are based.
• Europe has passed two pieces of digital regulation: The Digital Services Act and the Digital Markets Act. The laws focus on competition and internet safety and handle enforcement different from GDPR.
• Smaller tweaks in the GDPR could improve enforcement.