The Commission does not intend, at this stage, to review the General Data Protection Regulation (GDPR). This is what emerges from the evaluation report it published on Wednesday 24 June on this instrument, which has been applicable throughout the EU for just over 2 years.
This document is accompanied by a communication on EU law compliance with the data protection directive in the field of law enforcement.
The GDPR provides individuals with rights such as the right of access, rectification, erasure, right to object, portability and increased transparency. "Some people were predicting tedious rules that would put a brake on innovation. Well, that didn't happen. On the contrary, the GDPR is a good example of how to give people more control over their data in an increasingly digital economy", commented the Vice President for Values and Transparency, Věra Jourová, at a press conference.
However, the implementation report acknowledges several weaknesses, in particular regarding data protection authorities' lack of resources, differences in interpretation and obstacles to cross-border cooperation. It lists actions to further facilitate the application of the GDPR.
Lack of resources for national authorities
One of the most frequent criticisms of the GDPR relates to the under-funding of data protection authorities. "The total budget of all data protection authorities in the EU, [...] €325 million euros [...], is the equivalent of Facebook's revenue in Europe in a little more than a week. Only four data protection authorities in the EU have more than 10 tech specialists", commented Sophie in 't Veld (Renew Europe, Netherlands) at the release of the report. The MEP is particularly concerned that the data protection authorities in Ireland or Luxembourg are responsible for keeping an eye on the US giants on the grounds that they are registered on their territory. This criticism is also echoed by the European Data Protection Supervisor, Wojciech Wiewiórowski.
While they did not deny this situation, Commissioners Didier Reynders and Věra Jourová did not seem particularly worried that some platforms would take advantage of this loophole. "We have no reason for concern (...) I am aware that some authorities are overwhelmed. But I have received strong commitments from the Member States on their intention to increase budgets", said Ms Jourová, noting that, overall, these authorities had seen their staff numbers increase by 42% and their budget by 49% between 2016 and 2019.
This evaluation report was planned for in the GDPR itself. The next such report is due in 2024, the Commission points out (see the evaluation report: https://bit.ly/2CDN3Jl ).
Data protection in the field of law enforcement
In a separate Communication, the Commission also suggests aligning ten legal acts related to the prevention, detection and combating of criminal offences with European data protection rules. These include in particular the Framework Decision 2002/584/JHA on the European Arrest Warrant and Council Common Position 2005/69/JHA on the exchange of information with Interpol.
The Communication details how the Commission intends to bring these acts - adopted before the entry into force of the Data Protection Directive in the field of law enforcement - in line with current data protection legislation. It also contains a timetable indicating how the Commission will proceed.
See the communication: https://bit.ly/31fKMy6 (Original version in French by Sophie Petitjean)