The European Union’s General Data Protection Regulation (GDPR) was implemented on 25 May 2018 to harmonise and strengthen data protection and privacy across Europe. To mark its first anniversary, the European Commission welcomed representatives from data protection authorities, businesses and civil society on 13 June in Brussels.
Opening the event last week was Věra Jourová, the Commissioner for Justice, Consumers and Gender Equality. She first announced several European Commission initiatives, including the publication of a Commission Communication on stock-taking of the GDPR in June or July to contain input from this event, as wells as a 2020 review of the regulation to be undertaken by her successor. Jourová shared the Commission’s Eurobarometer survey on the GDPR, revealing that 73% of Europeans are now aware of at least one of their rights to digital privacy and data protection. She also announced the launch of the European Commission’s awareness campaign to encourage citizens to optimise their privacy settings and regain control of their personal data.
In her speech, Commissioner Jourová asserted her commitment to the GDPR and set out a list of priorities. First, the rules should be applied and implemented uniformly across all member states to fulfil the GDPR’s promise; one continent, one law. Secondly, the Commissioner called for the creation of a European culture of privacy across the various data protection authorities to encourage the efficient and pragmatic enforcement by the European Data Protection Board. Finally, the innovative tools of the GDPR – standard contractual clauses, certification, or codes of conduct – should be used to help businesses comply with the GDPR by reducing compliance costs and creating safe havens.
Following this, a panel with Irish Data Protection Commissioner Helen Dixon addressed the effectiveness of GDPR enforcement. Specifically, she discussed the need to allocate more resources to data protection authorities. After refuting criticism regarding the lack of consequences for GDPR infractions, she stressed the importance of due process and the right for all parties to be heard. She assured the audience that fines enforcing the GDPR will come as staff data protection authorities handle each case quicker than the previous one.
The discussions of the day demonstrated Europe’s commitment to enhanced data protection. With new initiatives to improve enforcement and encourage public awareness, citizens will continue to take greater notice of their data privacy rights. Additionally, digital companies will need to continue to consider their obligations and alter their practices accordingly to avoid being caught up in the wave of enforcement measures and costly fines expected to come into force during the GDPR’s second year.
Simona Lipstaite, Public Policy Manager, Access Partnership
Catherine Williams, Public Policy Analyst, Access Partnership