The European Commission has responded to criticism of sluggish privacy investigations and the disproportionate authority of the Irish privacy regulator over Big Tech by introducing new measures to expedite cross-border cases, as reported by Reuters on July 4. Detractors argue that the lengthy investigations and inadequately low fines fail to deter privacy breaches by major tech companies, thereby undermining the goals of the General Data Protection Regulation (GDPR) enacted in 2018. The Irish Data Protection Commissioner, responsible for overseeing many global technology giants due to Ireland’s prominence as their base, has also faced censure from fellow regulators for imposing fines considered too lenient. In an effort to address these issues, the Commission has proposed rules that promote the timely completion of investigations, ensure swift remedies for individuals, and encourage collaborative efforts among privacy authorities.

The new regulations entail several key provisions. The primary privacy authority will be obligated to share a summary of critical issues with its counterparts, allowing for early feedback. Common deadlines for cross-border cooperation and dispute resolution will be established. Additionally, complainants whose grievances are either fully or partially rejected will have the right to be heard, ensuring their involvement in the investigative process. Similarly, companies under scrutiny will be granted the right to present their perspectives at significant stages of the procedure and access relevant case files. Despite these proposed changes, privacy advocate Max Schrems and the tech lobbying group, The Computer & Communications Industry Association, have voiced concerns about the potential shortcomings of the new procedures, such as the limitations on citizens’ existing rights and the lack of provisions for fair hearings and appeals.

Sources:

https://www.reuters.com/technology/eu-commission-revamps-procedures-speed-up-big-tech-privacy-probes-2023-07-04/