The European Commission (EC) outlined new rules to help domestic regulators ensure stronger enforcement of General Data Protection Regulation (GDPR), following reported criticism of the handling of privacy breaches by technology companies.
Reuters reported the EC’s move came in response to criticism about fines being too low and investigations taking too long to deter the likes of Google, Amazon and Meta Platforms from breaching GDPR laws.
To address the situation, the EC published new guidelines it stated will streamline cooperation between Data Protection Authorities (DPA) when enforcing GDPR across borders, while harmonising the process in numerous areas.
The changes will require the lead DPA to send a summary of key issues to its peers to allow for feedback at an early stage in any investigation, contribute to reducing last-minute disagreements and promote a consensus among authorities.
Companies under investigation will have the right to be heard at key stages of the investigation process, as will complainants.
“The harmonisation of these procedural aspects will support the timely completion of investigations” and, in turn “delivery of a swift remedies for individuals,” the EC stated.
Despite the changes, the EC was keen to point out GDPR is working, citing 711 final decisions made with “fines of hundreds of millions of euros” imposed in some cases.
Meta Platforms was recently hit with a €1.2 billion fine over data protection breaches, reportedly the bloc’s highest such penalty to-date.