Donata Kalnenaite is an attorney focusing on business and privacy matters. She is also the co-founder and President of Termageddon, a websit Donata Kalnenaite is an attorney focusing on business and privacy matters. She is also the co-founder and President of Termageddon, a website and app policy generator.
“Reading is hard and we just don’t want to do it,” scream the European Union countries like frightened children at the sight of their first reading test. The reading test of course being the General Data Protection Regulation (GDPR) whose sole purpose is to protect the vital right to privacy of European Union residents. A right that we can only dream of here in the United States of Big Brother.
Should we face the facts here or should we just pat them on the back, give them a bottle of milk and tell them that “sweetheart, you tried. That’s all you can really do”?
GDPR is a law that came into effect on May 25, 2018 and provides European Union residents with rights such as the ability to access their collected information, the ability to have such information amended and the the right to the deletion of the information. While the law is robust, the European Union countries have known about it since April of 2016 when the law was voted to take effect two years later.
Furthermore, data protection laws enacted years before, such as the Data Protection Directive, which went into effect in 1995, had very similar requirements to GDPR. However, that law was essentially forgotten after most of the member states failed to implement laws necessary for the protection of data. Is this what’s to come for GDPR?
Two years to become ready should have been enough. So why are they still so woefully unprepared to enforce these rights, two weeks after the law coming into effect? In a Reuters survey on the subject, seventeen out of twenty four authorities that responded stated that they do not currently have the necessary funding or powers to fully enforce GDPR. The reason why they are not ready to enforce GPDR is because many European Union countries do not have the proper laws in place.
Under GDPR, each member state has the power and is required to put laws on the books that aligns with GDPR and, not surprisingly, many countries have failed to do so. As of April 24, according to the International Association of Privacy Professionals, only four European Union member states have such laws on the books: Germany, Belgium, Austria, and Poland.
Most of the responders to the Reuters survey stated that they would reactively respond to complaints and some stated that they would not actively pursue companies that may be in violation of GDPR. This reactive approach is, as they say, “good enough for the government.” But is it good enough for the people?
Finally, there is a law on the books that protects the right to the privacy of our own information letting us breathe in this world of big data and companies that know everything about you from what kind of juice you like to drink to your social security number and personal address. And now they are saying that they do not have the funding, the power or the will to actually enforce that right to privacy?
Regarding the preparedness of these countries to GDPR, European Union justice commissioner Vera Jourova has stated that all 26 European Union member states are “in a big rush now.” C’mon European Union, don’t be this guy: In order to be fully prepared, the member states may need to repeal or re-write some of the current laws on the books, establish national enforcement procedures and establish the GDPR enforcement authorities. It has also been discussed that privacy activists will be taking the lead on bringing complaints to member states once the member states have established the proper channels and authorities to act on those complaints.
We the people don’t really ask for much and we get even less. So please get your act together and enforce our vital right to privacy.
Get the TNW newsletter
Get the most important tech news in your inbox each week.