The General Data Protection Regulation (GDPR) will blow its fourth candle. Although the pace of sanctions is accelerating and corporate behavior is improving, this tool does not appear to have reached its full potential.

GDPR is the greatest pride of the European Commission under the leadership of Jean-Claude Juncker. Effective May 4, 2018, after four years of fierce negotiations between the 28 member states, this ambitious regulation aims to significantly strengthen the rights of European cyber citizens. To this end, Texaste has set up a legislative framework and a number of rules that all companies holding personal data must comply with in the European Union. Beyond consumer protection, Europe intended to use its full weight to fight Gaffam’s dominance of the Internet.

6 1.6 billion in fines

These laws have inspired many countries and regions around the world. This is the situation in California with the California Consumer Privacy Act (CCPA) passed in June 2018. Provide a law with similar objectives to the European GDPR, that is, a legal framework that further protects the personal data of citizens and consumers. . Other countries, such as Japan or China, are working on new data protection laws, or have already done so.

However, GDPR is not the perfect tool, and some are asking for adjustments to make it more effective. American media Wired Published a lengthy analysisWe invite you to read.

If complaints accumulate quickly, sanctions will take time to ease. The number of fines increased with the age of the legislature, reaching a total of 1. 1.6 billion. But a year ago, the amount of these cumulative fines was about 300 million euros. We had to wait for two record sanctions in connection with earlier cases to cross the billion euro.

Luxembourg has fined Amazon 74 746 million, while Ireland has fined WhatsApp 22 225 million. Some complaints that require lengthy inquiries are still being processed, such as my 4 year old privacy is not your business (NYOB). This is not surprising when it comes to powerful companies like Facebook, Apple or Google.

Concentration and delay

Once the GDPR is created, it is called a “one-stop shop”, meaning it handles complaints against a particular company in a country. Luxembourg, for example, handles complaints against Amazon, while the Netherlands handles Netflix, while Ireland is responsible for the various organizations linked to Meta and Google.

Thus, each week, several draft decisions are circulated among European data regulators. Back and forth it slows down the decision-making process, while the various authorities are often in agreement. In the case of Ireland in particular, the workload imposed by these large corporations has led to delays and additional paperwork. In short the play of the bureaucracy.

Finally, there are some countries that are reluctant to implement regulation, which is another factor to consider in improving the scope of GDPR. Europe, for example, has launched a breach of lawsuit against Slovenia for not importing GDPR into its national law, while the Belgian Data Authority has been accused of not being sufficiently independent. Others, like France, outperform GDPR by directly following the use of cookies by companies.

However, the impact of GDPR is not entirely measured in terms of fines: companies’ behavior against consumers will improve the text, fearing sanctions – exactly -.