The concept of online security and data protection has been a battle that has been going on since the dawn of the digital age. Examples such as the Cambridge Analytica scandal triggered a number of national governments and organizations to rally behind a single cause: protecting consumer data, no matter what.
After a lot of discussions and deliberations, the General Data Protection Regulation [GDPR] came to life in the European Union, a step to address the transfer of personal data outside the EU and EEA areas. Two years since its inception, Brave has discovered that several European governments have not equipped their national authorities to enforce the much talked about GDPR.
Brave’s analysis showed that the GDRP was in danger of failing due to the lack of focus on the implementation of the regulation across EU states. Very few tech investigators have been identified to be involved in the exploration of private sector GDPR issues. Analysts have claimed that the fall of the GDPR must be attributed to the EU governments and not to the data protection authorities.
Research showed that even when mistakes were spotted within the data protection system, DPA’s held back while punishing big technology firms. The main reason for this was that government entities cannot keep up with the financial burden that comes with fighting bigwigs such as Facebook and Amazon. Brave’s Dr. Johnny Ryna had said:
“Robust, adversarial enforcement is essential. GDPR enforcers must be able to properly investigate ‘big tech’, and act without fear of vexatious appeals. But the national governments of European countries have not given them the resources to do so. The European Commission must intervene.”
Brave claimed that out of the twenty-eight national GDPR enforcers in Europe, only five had more than ten technology specialists. This meant that very few regions actually had the capacity to go head-to-head with giant technology corporations. Almost half of EU’s GDPR enforcers have small budgets in the range of 5 million pounds, a measly amount compared to the war chests held by companies.
According to the data presented by Brave, the UK government’s privacy watchdog was the largest and the most expensive to run. With its research, Brave has called upon all national agencies within the GDPR to enforce strict privacy protocols. The Irish Data Protection Commission Commission reported that the number of companies it deals with has only gone up while the incoming budget decreased.
The Brave report suggested multiple solutions for countries in the EU to bolster their GDPR developments. One recommendation was to expand DPA technology specialists within the specified regions, a step to track all wrongdoings within the sphere. The next step was to fund DPA properly so that they could fight companies in courts if they flout “enforcement decisions”. Another suggestion was to develop a specialized EU unite to assist national DPAs with regards to technology investigations.