cross-posted from: https://lemmy.sdf.org/post/30014356

The General Data Protection Regulation (GDPR) was designed to put people’s rights at the centre of the digital economy, ensuring strong safeguards against data exploitation and corporate or state overreach. However, nearly six years after its enforcement, the reality falls short of the promise. Large technology companies have repeatedly delayed and obstructed procedures, while inconsistencies between -and other practices of- Data Protection Authorities (DPAs) have left individuals without effective redress.

The GDPR Procedural Regulation offers a rare opportunity to fix systemic weaknesses by streamlining cross-border enforcement, reducing delays, and ensuring consistency in cross-border cases. If done right, it could restore trust in the GDPR and reaffirm the EU’s leadership in protecting fundamental rights in the digital age. But if weakened by loopholes and inefficiencies, it risks entrenching existing problems and setting a dangerous precedent for digital rights enforcement.

Civil Society’s Call to Action

The letter (opens pdf) —signed by a broad coalition of human rights organisations—urges negotiators to ensure that the Regulation upholds the GDPR’s original vision of strong, meaningful enforcement. Key concerns include:

• Delays and procedural asymmetries: Some DPAs, particularly in jurisdictions where major tech companies are headquartered, have systematically delayed decisions, leaving individuals without redress while companies continue to profit from unlawful practices.
• Unpaid fines and ineffective deterrence: Despite high-profile GDPR fines, enforcement remains inconsistent, with some penalties going unpaid for years, eroding the credibility of the framework.
• Loopholes in early trilogue drafts: Provisions under discussion could inadvertently introduce new complexities rather than resolving existing inefficiencies, creating further barriers to enforcement.

[…]