Cross-border GDPR enforcement lagging behind, report finds

European consumer protection umbrella group Beuc has released a new report that examines the question of whether cross-border enforcement of GDPR is as effective as it should be.

For example, Google is still successfully monetising users’ location data and making billions in ad revenue despite coming under the legislation’s scrutiny.

Ireland’s Data Protection Commission (DPC) did open an investigation in February this year, but at the current rate, it could take years before the tech giant faces any regulatory action in Europe.

The good news is that CNIL, the French data watchdog, was able to issue Google a $57m fine in summer 2020

Although Google filed an appeal, it was denied in court.

In Ireland, multiple big names are facing GDPR probes, including:

  • LinkedIn
  • Facebook
  • WhatsApp
  • Apple

This week, Thierry Breton, the EU’s internet market commissioner, said that regional lawmakers are well aware of the GDPR enforcement bottlenecks.

Therefore, a new Data Governance Act (DGA) is in the works that will hopefully do away with these.

The report also details other procedural obstacles faced by the member organisations.

The DPC is making information and admissibility checks that are considered to be unnecessary.

The report also examines the reasons why the DPC opened an inquiry into Google’s location data activities on its own instead of making a complaint-led inquiry.

According to Beuc, such a decision introduces a risk of further delays when it comes to reaching a decision on the complaints themselves.

Another issue with how the DPC is approaching the matter is the timespan of Google’s activities.

Instead of examining everything from November 2018 and beyond, the probe is only considering events since February 2020.

This means that a good chunk of Google’s location tracking has not found itself under the magnifying glass yet.

As time goes on, Beuc is hoping for swift GDPR enforcement.