Communications Litigation Today was a Warren News publication.

As GDPR Turns 5, EC Plans Tougher Cross-Border Enforcement

Better harmonization of cross-border data protection enforcement is needed, the European Commission said Wednesday. There have been over 2,000 cross-border cases since the general data protection regulation (GDPR) took effect five years ago, with over $2.7 billion in fines imposed by national data protection authorities (DPAs) for breaches, the EC statement said. "Thorough application" of the regulation remains a top priority, so the EC will "soon" propose new legislation to standardize some procedures of cooperation between DPAs in cross-border cases. "At the heart of the GDPR lies trust," said Values and Transparency Vice President Vera Jourova and Justice Commissioner Didier Reynders. "Looking back, we have successfully created a modern data protection culture in Europe, which has been a source of inspiration also in other parts of the world." They cited "more and more appetite" internationally to raise privacy standards and, in that way, to facilitate free, safe data flows. GDPR enforcement over the past five years "has had major flaws and today it is still very much work in progress," emailed Ursula Pachl, deputy director-general, European Consumer Organisation (BEUC). For example, BEUC launched a coordinated campaign against Google's widespread tracking of consumers' data in November 2018 "and we are still waiting for the final decision from the Irish data protection authority." EC plans to harmonize cross-border rules "could deliver some real improvements."