DGeneral data protection regulation is considered to be one of the biggest achievements of the European Union. More than 100 third countries have designed their data protection laws based on GDPR. At the same time, the cases in the European Union do not end there. Small businesses complain about bureaucratic effort, while the real target, Internet corporations, often remain intact. To critics, the GDPR is just a paper tiger – especially since the responsible authorities are not equipped to enforce the law. This is exactly what two new studies by the Irish Council for Civil Liberties and the European Data Protection Board, a non-governmental organization, show. Both studies are available for FAZ only.

According to the authors of the Irish study, which will be officially unveiled this Monday, the biggest “obstacle” is the authority of their country. They are responsible for Internet companies such as Apple, Google, Facebook, Microsoft, eBay, Tick Tock, and Twitter, as their European Union is headquartered in Ireland. Of the 164 cross-border procedures, the Irish Authority sent draft decisions to the European Data Protection Supervisory Authority in four cases by May 2021 – with 98 per cent of the cases open. “Implementing the GDPR against tech companies is because Ireland failed to submit draft decisions,” the authors write.