Having celebrated the first anniversary of the General Data Protection Regulation (GDPR) on 22 May (see EUROPE 12260/14), the European Commission launched a comprehensive review of its implementation on Thursday 13 June at an event in Brussels bringing together regulators, civil society and business.
“In general I see GDPR still as a baby that is growing fast and is doing well. But we need to continue to nurture it well”, said the European Commissioner for Justice, Věra Jourová.
She took stock of several of the GDPR's “promises”, including that of giving citizens more tools to control their personal data. According to the results of a Eurobarometer survey published on the same day, too many citizens are still not aware of their rights and do not use the possibility of changing their privacy settings, the Commissioner regretted, announcing at the same time the launch of an awareness campaign for citizens.
The survey results show that 67% of respondents are aware of the GDPR - although not all of them know exactly what it is - and 73% of them have heard of at least one of the six tested rights guaranteed by the regulation.
But just over one in five say they are always informed about the conditions attached to the collection and use of their personal data online, and only a minority (13%) fully read privacy statements online, often considered too long or unclear.
In addition, the survey shows that the majority of social network users (56%) have tried to change the default privacy settings of their profile. The most common reason for not doing it are that users trust sites to set appropriate privacy settings (29%) or that they do not know how to do it.
Greece, Portugal and Slovenia again singled out
Commissioner Věra Jourová once again singled out Greece, Portugal and Slovenia, which are still not in compliance with European law, asking them to comply as a matter of “urgency”.
The Commission is also in the process of assessing in detail the national implementing legislation of the Member States and the Commissioner warned against the temptation to add additional conditions or to make a broad interpretation of the GDPR. Some Member States, especially those with federal structures such as Germany, must ensure that regional levels also do their part, she said.
Commissioner Jourová indicated that she would keep the GDPR at the top of her agenda until the end of her mandate. The Commission will also publish a communication giving an overview of the application of the GDPR before the summer. (Original version in French by Marion Fontana)