DGeneral data protection control is considered one of the great achievements ME. More than 100 third countries have designed their data protection laws based on GDPR. At the same time, the cases in the European Union do not end there. Small businesses complain about bureaucratic effort, while the real target, Internet corporations, often remain intact. To critics, the GDPR is just a paper tiger – especially since the responsible authorities are not equipped to enforce the law. This is exactly what two new studies by the Irish Council for Civil Liberties and the European Data Protection Board, a non-governmental organization, show. Both studies are available for FAZ only.

According to the authors of the Irish study, which will be officially unveiled this Monday, the biggest “obstacle” is the authority of their country. This applies to most Internet companies, such as Apple, Google, Facebook, Microsoft, eBay, TikTok, Twitter and others are responsible because the EU is headquartered in Ireland. Of the 164 cross-border procedures, the Irish Authority sent draft decisions to the European Data Protection Supervisory Authority in four cases by May 2021 – with 98 per cent of the cases open. “Implementing the GDPR against tech companies is because Ireland failed to submit draft decisions,” the authors write.