Schrems: ‘European DPAs aren’t enforcing GDPR’

According to Max Schrems, Chairman of Austrian privacy organization Noyb, European data protection authorities (DPAs) aren’t enforcing the General Data Protection Regulation (GDPR). Instead, they seem more concerned with dismissing citizens’ privacy complaints.
Schrems made this statement after the Austrian DPA received a slap on the wrist from the Court of Justice of the European Union (CJEU).
The privacy supervisor had set the number of complaints citizens could file at a maximum of two per month. According to the Court of Justice, that’s a violation of the GDPR. Citizens should be able to report all privacy violations to the Datenschutzbehörde (DSB), even if it’s more than two per month.
But rather than taking privacy complaints into consideration, Schrems says that the DSB has come up with ‘tricks’ to discontinue proceedings against companies as much as possible. Limiting the number of complaints to two per month has now been thwarted by the Court of Justice.
“You always have fundamental rights, not just twice a month. If the DSB consistently punished violations, there would also be fewer complaints. Instead, the authority uses various techniques to get rid of complainants. Companies have learned that there are no consequences. With various procedural tricks, a large proportion of complaints are averted, and companies happily continue to break the law,” Schrems says in a statement.
However, according to the Noyb Chairman, this isn’t solely an Austrian problem. In 2022, all European DPAs received a combined total of 140,106 privacy complaints, but only 1,819 fines were issued. The risk of receiving a fine for privacy violations is slim to none.
“We see that data protection authorities do not really take action throughout the EU. The Court of Justice has now repeatedly told them that they have to get their act together, but the statistics do not reflect that,” Schrems explains.
Schrems recommends increasing the budget for DPAs so they can become more effective and efficient.
“If the DSB finally woke up from its slumber and received a decent budget for doing so, it could quickly pay off. A GDPR penalty against Google, for example, is more than our share of the Brenner Base Tunnel, just to give you an idea of the scale,” he points out.
Your email address will not be published. Required fields are marked