The European Union is eager to crack down on Big Tech's alleged privacy abuses, but the reliance on individual countries to enforce General Data Protection Regulation (GDPR) rules has led to lengthy cases with punishments that are frequently modest. There will soon be pressure to act decisively, however. The European Commission will now require that EU nations share overviews of "large-scale" GDPR investigations every two months. This includes "key procedural steps" and actions taken — national regulators will have to show they're moving forward.
The tougher approach comes after the EU Ombudsman recommended closer monitoring of Big Tech cases that fall under the Irish Data Protection Commission, which regulates Meta and other industry giants. The rights group Irish Council for Civil Liberties (ICCL) made a complaint to the Ombudsman accusing Ireland's commission of being too slow and lenient against privacy violations. Just weeks ago, Europe's Data Protection Board forced Ireland to raise a data processing fine against Meta from €28 million to €390 million ($30.4 million to $423.3 million).
As Bloomberg observes, the European Commission is already issuing reports every two years on the overall status of GDPR enforcement. However, it hasn't conducted thorough, frequent reviews of individual countries' privacy regulators. This new requirement will theoretically hold all EU member states accountable if they delay investigations or don't apply the law when necessary. This could include legal repercussions at the European Court of Justice.
Critics might not be happy with the transparency. Ireland and other nations will share their progress on a "strictly confidential basis," according to the Commission. The public might not know if a regulator is mishandling a case unless the EU takes visible action in response. Nonetheless, this may encourage Meta, Amazon, Google and other tech heavyweights to take European privacy laws more seriously — they may see quicker investigations and stiffer fines.