Nine months after the General Data Protection Regulation (GDPR) entered into force there is increasing concern about the state of implementation and the consistent application of the rules across Member States. While it is the duty of the national data protection authorities (DPAs) to properly enforce the GDPR's standards, many of them are unable to fully carry out this task due to their financial and human resources constraints.
ALDE sees the latest report of the European Data Protection Board as proof of shortcomings in various countries including Spain, Romania, Greece and Italy, where the DPAs do not get the necessary resources to effectively perform their new tasks, exercise their powers or be totally independent. This can create a weak link in mutual assistance and cooperation between the DPAs in the whole EU.
Sophie in 't Veld MEP, ALDE's spokesperson on the GDRP commented before tomorrow's hearing1:
"On paper the GDPR is the best data protection law in the world, but Member States still seem to be neglectful when it comes to implementation. In particular, the Spanish and Romanian governments seem not to have learned from the Cambridge Analytica scandal, as their new data protection laws allow political parties to process users' data without their consent, which is very dangerous for democracy, especially in view of the upcoming elections.
Research shows that most national supervisors currently only have a fraction of the resources they need. If Member States do not provide enough financial and human resources to national supervisors, these cannot properly perform their new tasks and powers. This threatens the state of data protection in the EU as a whole. I call on the Commission to start infringement procedures immediately against Member States that still do not provide enough resources to data protection watchdogs, nine months after the implantation deadline of the GDPR."
1Note to the editors: On the initiative of ALDE, Parliament will hold a hearing tomorrow about the Implementation of the GDPR with a special focus on the role and the means of the DPAs - exchange of views with Andrea JELINEK, Chair of the European Data Protection Board (EDPB) and Willem DEBEUCKELAERE, President of the Belgian Data Protection Authority and Deputy Chair of the EDPB and a representative of the European Commission (Tuesday 26 February, 09.45-11.15, EP Brussels, PHS 3C50)