ICCL report reveals Europe’s struggle to regulate big tech’s data usage under GDPR

Europe’s GDPR is “largely paralyzed” in policing big tech’s data usage, says a report by the Irish Council of Civil Liberties. Despite increased funding, authorities struggle to enforce regulations effectively.

 Text, Blackboard, Electronics, Screen, Computer Hardware, Hardware, Monitor

According to a report from the Irish Council of Civil Liberties (ICCL), the European General Data Protection Regulation (GDPR) is “largely paralyzed,” and Europe is unable to effectively regulate how big tech companies use data. The report, titled “5 Years: GDPR’s Crisis Point,” suggests that lack of funding can no longer be blamed for the perceived inaction, as data protection authorities in the European Union (the EU) now have a combined budget of a third of a billion. However, 10 of the EU’s data authorities still have budgets under €2 million.

The report highlights the inadequacies of the Irish Data Protection Commission (DPC), particularly its decision-making. While the DPC claims to have applied fines of over €1 billion in 2022, two-thirds of the fines issued by European regulators last year originated from the Irish regulator. The report states that 75% of Ireland’s GDPR investigation decisions in major the EU cases were overruled by the European Data Protection Board (EDPB), which demands stricter enforcement action.

Furthermore, the ICCL report criticizes the DPC for opting for “amicable resolution” in 83% of cases involving repeat offenders and matters likely to impact many people, contrary to EDPB guidelines.