Brave is among those who believe that the enforcement of the GDPR (General Data Protection Regulation) is already failing hard, and its report is putting down the reasons for the flop. The main causes are: the national data protection agencies employ a small number of tech specialists, they are generally under-budgeted, and do not fully comprehend matters of privacy or even the very articles of GDPR. Moreover, they have no powerful means of enforcement on a national level. Two years after the introduction of GDPR, we’re on the verge of seeing the law pass into the sphere of inapplicability, which is the worst-case scenario.
These are the key reasons for failure, as Brave identifies them in its report:
DPA budgets peaked with the introduction of GDPR, and are now gradually getting axed. This happened before DPA offices could establish a strong presence and pose a compelling regulatory force in their respective countries, so their role is undermined and downgraded by their own governments.
The only nation that is doing relatively well in the enforcement of the GDPR is Germany, which employs 29% of all of Europe’s DPA tech specialists. Germany is leading the way, but all of the rest seem to be unable to follow. In terms of investing in the DPAs, Germany is also very high in the list, with €58.9 million annually, while the UK ICO tops with €61 million. Cyprus, Malta, and Estonia, on the other side, are spending less than one million EUR for the same purpose.
So, what can be done for the GDPR to be saved? Governments need to get more serious about its enforcement, investing more in them while also ensuring that more DPA officers have a deep and vast knowledge around matters of tech. As we enter an age of extreme recession, it will get tough for European countries to justify these expenditures, so the responsibility will pass over to the private entities and, eventually, the citizens.