Stronger enforcement is key to the effectiveness of the GDPR
On the third anniversary of the entering into force of the General Data Protection Regulation (GDPR), EDRi sent a message to Members of the European Parliament calling for stronger enforcement of the GDPR, as well as the adoption of necessary additional legislation where appropriate.
On the third anniversary of the entering into force of the General Data Protection Regulation (GDPR), EDRi sent a message to Members of the European Parliament calling for stronger enforcement of the GDPR, as well as the adoption of necessary additional legislation where appropriate.
GDPR, happy birthday!
The GDPR has been regarded as the most advanced data protection legislation in the world. The Regulation informed the revision of its global counter-part, the Convention 108+ of the Council of Europe. Even though the Regulation is not perfect, it has greatly advanced people’s right to data protection and ensuring that companies and governments respect personal data and that, when that does not happen, strong fines are issued as a last resort. However, we are aware of the weak enforcement by some Data Protection authorities, in come cases as a result of insufficient resources to deal with the many cases they deal with, sometimes as a result of the economic power of corporations over some countries. Therefore, we called on MEPs as representatives of citizens in the EU to ensure that the GDPR is enforced in all EU Member States and that any calls to weaken its protection are quickly and strongly dismissed. Our member Access Now third annual report is an excellent start to know what can be improved when enforcing the GDPR. EDRi member noyb has put forward this statement and EDRi member XNet has issued this blogpost.
GDPR invites new laws to the celebration party
The GDPR, from its inception, was to be supported by is complementary legislation: the ePrivacy Regulation. The ePrivacy Regulation (ePR) complements and particularisesthe GDPR, and is the main piece of legislation in the EU that protects the right to privacy, while the GDPR protects the right to the protection of personal data. Now that the trilogues are finally starting (4 and half years after the ePR was proposed), we call on the European Parliament (EP) to preserve the improvements that MEPs supported in the Parliament’s text and resist attempts to undermine its core principles.
Furthermore, we have been advocating to ensure that, in a combination of the ePR and the Digital Services Act (DSA), there is strong action against the surveillance advertising industry. We cannot solve problems such as disinformation, polarisation or manipulation online without tackling the business models that lead platforms and advertisers to micro-target individuals based on pervasive tracking while commercially benefiting from the spread of such online content. The EDPS Opinion on the DSA and our members’ work in this area (such as the Stop Stalker Ads campaign) and the MEP coalition against tracking ads go in the right direction to change the status quo.
Artificial Intelligence, and specifically the facial recognition, are key issues for 2021. We have put forward significant suggestions to the European Commission (EC) and the EP in order to ensure that biometric mass surveillance is truly banned in line with the general principles of a prohibition established in the GDPR and that technology is not used to control workers’, to discriminate against poor people, to deny subsidies to families or to create “social scores” to control the population.
Celebrate, and keep up the good work!
Today is a day to celebrate data protection, but also a day that reminds us the work that still needs to be done to protect people’s rights and freedoms, online and offline. While EDRi and the digital rights community celebrates the adoption of the GDPR today, we also look forward to working with policy makers tomorrow to ensure that fundamental rights are the core of digital policies.
(Contribution by:)