How EU's new privacy probe rules affect Big Tech companies
Europe has always been eager to crack down on Big Tech's privacy abuses. However, things haven't gone exactly the way they wanted. Investigations into privacy violations have often been criticized for being tardy, while many have been unhappy about the Irish privacy watchdog's role in such investigations. The European Commission has proposed new rules to address these criticisms. Let's see what they are.
Why does this story matter?
Europe gave its privacy regime more teeth with the landmark General Data Protection Regulation (GDPR), which came into force in 2018. The new rules have led to more investigations into Big Tech's practices than ever. However, critics believe longer investigations and moderate penalties have undermined GDPR's mandate. There have been calls to make some changes. It needs to be seen whether they will work.
Irish DPC has been criticized by its peers
Some of the world's biggest technology companies have their European bases in Ireland. They come under the jurisdiction of the Irish Data Protection Commission (DPC). Other European countries have often criticized the Irish DPC for its lax attitude toward Big Tech data privacy violations. Its peers have been asking for an increased role in probes into Big Tech's privacy practices.
Lead regulators must share summary of issues with peers
Cross-border investigations have always been a bone of contention between Europe's national privacy regulators. Under GDPR, such investigations are conducted by national data protection authorities where the company has its European headquarters. Now, the commission wants the lead authority to share a "summary of key issues" after a preliminary investigation with its peers. This will allow others to provide feedback at an early stage.
Sharing key issues would help settle differences early
Sharing issues will also provide an early chance to settle the disagreements between different privacy regulators. That would ease the tensions between regulators and help them set out common goals.
Complainants and defendants will have right to be heard
The proposed new rules also seek to enhance the rights of complainants and defendants at different stages. Complainants will have the right to be heard if their complaint is rejected fully or partially. They would also have the right to be properly involved if regulators decided to investigate their complaints. Meanwhile, companies will have the right to be heard at different stages.
Privacy activists and tech lobbying groups criticized proposed rules
Giving regulators from other countries other than the one where a company is domiciled more say in investigations is bound to be a problem for Big Tech. Tech lobbying groups said the rules are inadequate when it comes to companies' right to appeal and fair hearing. Activist groups also criticized the rules. Privacy activist Max Schrems said the rules are technically and materially flawed.