Two years after the GDPR went into effect, official data show that Data Protection Authorities (DPAs), crippled by a lack of resources, tight budgets, and administrative hurdles, have not yet been able to create adequate GDPR enforcement.
Worse, some public authorities have grossly misused the GDPR to undermine other fundamental rights such as the right to free expression and freedom of the press, Access Now reveals.
The GDPR’s first two years have been marked by crisis, whether internal, external, political, geopolitical, or administrative. Beyond enforcement challenges, the report explores how these crises have impacted the protection of personal data in the EU, taking a close look at both Brexit and the COVID-19 outbreak.
“Through this report, we raise the alarm to the EU institutions and Data Protection Authorities that it’s high time to act to enforce the GDPR and condemn its misuses,” said Estelle Massé, Senior Policy Analyst and Global Data Protection Lead at Access Now.
“The European Union may have the best law in the world for the protection of personal data, but if it is not enforced, it risks being as useful as a chocolate teapot.”
The GDPR remains a strong framework, and if authorities take urgent action, it can go a long way in defending people’s fundamental rights.