GDPR: Citizen’s helper or bureaucratic monster?

It was a big bet. With the power of 450 million citizens and consumers it represents, the EU would, for the first time, build a bulwark against the omnipotence of American digital technology giants. It would oblige them to accept an extensive list of rights for the correction or deletion of personal data, but also to provide information to interested parties regarding their use, processing and storage. The result of the processes was Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data, which entered into force on 25 May 2018. International articles often refer, for reasons of brevity, as a regulation DGPR (DSGVO in German).

Four years later it seems that many are unaware of the rights granted to them by the new regulation. This is at least according to a survey conducted by the YouGov Institute for the German websites GMX and Web.de. a few days ago. Answering relevant questions, only 9% of respondents say that the DGPR regulation provides a significantly enhanced protection of personal data, while 31% say “partially better protection”. At the same time 38% of respondents say they see absolutely no difference compared to the past.

Change the agenda for personal data?

In a development that is unlikely to satisfy the European Commission and the proponents of privacy, most internet users do not seem to worry so much about the famous “right to be forgotten” or the rules governing the transfer of personal data by one provider to another. They seem to be more annoyed by the constant questions about the cookie settings that appear as pop-ups while surfing. 53% of respondents say they are “angry” with these questions, while 14% admit that they answer “whatever” in order to continue browsing the Internet. Only 12% notice that the banners for the settings of the cookies give him “a sense of control and self-determination” that did not exist before.

Cookies are mainly used by providers to send personalized, “personalized” advertising messages. Controversial are mainly the “third party cookies”, which follow the user on third party websites, many times without his explicit consent. Lately they are used less and less, at least in Europe, as the DGPR regulation restricts their use. This is one reason – but not the only one – for which Ulrich Kelber, the German government’s data protection officer, states today that “the DGPR regulation is the best available protection of citizens’ data worldwide”. The truth is, he adds, “that passing the law alone does not guarantee the necessary protection. There must also be proper oversight and judicial decisions. Significant steps have been taken in this direction in recent years.”

Mammoth fines for offenders

However, even the American giants can no longer ignore the threats of fines, which can reach 4% of world turnover. So far, the Luxembourg government has imposed the largest fine, calling on Amazon to pay 746 million euros following a complaint from a citizens’ initiative. In second place is WhatsApp, which was forced to pay a fine of 225 million euros in Ireland for “incomplete information” of consumers, while shortly before the French government had imposed a fine of 90 million euros on Google, because it processed personal data “without sufficient legal base”. Particularly “painful” is considered the fine of 35.25 million euros paid by the clothing company H & M in Hamburg for illegal processing of personal data of its employees. However, German government spokesman Ulrich Kelber argues that the DGPR regulation is not only a “means of pressure”, but can also act in the opposite direction, as an “additional sales argument”. Simply put, the consumer will prefer the business that is proven to respect the regulation and protection of personal data.

For their part, companies in the industry are rather critical of the regulation. “The German interpretation of the DGPR regulation probably needs to be revised after four years,” Achim Berg, head of the Bitcom Digital Economy Association, told the German News Agency (DPA). “Only partially” has the main goal of the regulation been achieved, which was a single piece of legislation, but also a practice for the protection of personal data throughout Europe, he argues. “40% of companies do not see any advantage in the regulation, while 18% see only disadvantages,” notes Achim Berg. “In fact, two out of three companies estimate that the protection of personal data makes it difficult to implement their investment plans.”

Christoph Dernbach (DPA)

Edited by: Giannis Papadimitriou

Source: Deutsche Welle