The European Commission has announced the introduction of new rules aimed at facilitating faster cross-border investigations by privacy watchdogs.
Critics, however, argue that investigations into privacy breaches by big tech companies often take too long, and the resulting fines are insufficient to deter such breaches, thereby undermining the effectiveness of the EU’s General Data Protection Regulation implemented in 2018.
The Irish Data Protection Commissioner, as the lead regulator in the EU due to many major technology firms being headquartered in Ireland, has also faced criticism from its counterparts for imposing fines perceived as too lenient.
In a statement, the European Commission stated, “The harmonisation of these procedural aspects will support the timely completion of investigations and the delivery of swift remedies for individuals.”
Under the new rules, the primary privacy authority will be required to share a summary of key issues with other regulators, enabling them to provide early feedback.
Additionally, common deadlines for cross-border cooperation and dispute resolution will be established.
Complainants will have the right to be heard if their complaints are fully or partially rejected, ensuring their active involvement in investigations conducted by regulators.
Simultaneously, companies under investigation will be granted the right to be heard during key stages of the procedure and access relevant files.
Privacy activist, Max Schrems, who has filed complaints against Meta Platforms and Alphabet’s Google, criticized the new procedures.
Schrems argued, “The Commission proposal seems to be technically and materially flawed and rather strips citizens of existing rights than ensuring their enforcement.”
The Computer & Communications Industry Association, a tech lobbying group, also expressed concerns about the new rules, specifically highlighting deficiencies in the right of companies to appeal and the right to a fair hearing within a reasonable timeframe.
