Due to action by the Irish Council for Civil Liberties (ICCL), more countries in the European Union (EU) will be seeing a higher degree of oversight when it comes to enforcement of the General Data Protection Regulation (GDPR). Although the GDPR was instituted in 2018, tech firms, like Amazon, Google, and Meta, have not been getting the same level of enforcement across all of Europe.
The GDPR requires member countries to monitor and enforce the regulations specifying how many and what type of ads are allowed to run online when users visit websites on the internet and how much data they can glean from each user.
The laws are based on privacy concerns that the EU created the GDPR to protect. Before the GDPR, websites and ad networks used to be able to target users with personalized ads based on their user history. The GDPR put constraints in place, limiting the ability of advertisers to track user behavior.
Until now, the burden of regulation in the EU has fallen on countries that host tech firms, Ireland, the Netherlands, Luxembourg, and France. Ireland has the highest number of these companies and has issued compliance cases against several of them which have been getting bogged down or stalled completely.
The ICCL has previously criticized that enforcement of GDPR guidelines has been uneven across the EU. However, the European Commission has now committed to looking into every large-scale GDPR case, no matter which EU country the case originates from.
The examination of each case will measure the timetable of procedural steps, and what steps data protection authorities are taking so the case progresses in a timely fashion. This oversight is planned to occur six times each year.
These actions will intensify the enforcement of the GDPR, giving the EU more teeth when dealing with Big Tech.
With the additional enforcement across the EU, cases will no longer stall or go dormant. The examination by the Commission will accelerate both investigations and enforcement and highlight the countries that aren't applying the GDPR regulation. These actions will intensify the enforcement of the GDPR, giving the EU more teeth when dealing with Big Tech.
This overhaul in how the European Commission oversees the GDPR is the result of action taken by the ICCL beginning in September 2021. At that time, the ICCL alerted the Commission to the lack of EU-wide consistent enforcement and asked for the Commission to monitor cases across the entire EU. This effort also included a complaint with the EU Ombudsman.
In December 2022, the EU Ombudsman made a recommendation to the Commission to monitor all of the cases against Big Tech that were being prosecuted by the Irish Data Protection Commission. The current change in policy by the Commission goes further, monitoring all the large-scale cases in Ireland and all of the rest of the EU.
Government watchdogs will be forced to speed up their enforcement and communications with the EU as a whole. While cases will be conducted behind closed doors, advertisers are sure to see changes in how they can present ads to website users.