The European Commission has taken steps to address the ongoing criticism of the slow-moving privacy investigation process and the resulting fines put in place by the Irish Data Protection Commissioner (DPC).
The new rules announced on Tuesday are designed to help privacy watchdogs move quicker and work more efficiently on cross-border cases. At present, some critics feel that the investigations take too long and the fines are too light, not serving as a deterrent and disrupting the GDPR’s mission of increased privacy for individuals.
The GDPR, which came into effect in 2018, seeks to give individuals greater control over their own data and how it is used.
The new proposed regulations would require the main regulatory body to provide a summary of core issues to other agencies, allowing for effective feedback on initial developments.
Related: European Commission Sets the Agenda: ESG Reporting Requirements in the EU and the U.S.
Deadlines for cooperation between cross-border teams and dispute resolution would be set. Complainants would have the right to be heard should an investigation take place, and companies under investigation would also have the right to be heard and have access to the file.
However, the new rules have already come under fire from privacy activist Max Schrems, who believes they would “strip citizens of existing rights” rather than protect them. The Computer & Communications Industry Association, a tech lobbying group, stated that the rules were incomplete as companies do not have access to a fair hearing with a realistic timeframe.
It remains to be seen whether these new regulations will bring an end to stalling investigations and unsatisfactory fines. While the European Commission appears to be taking steps to increase transparency and speed up the process, these newly announced regulations may fall short of offering a complete solution.