GDPR, billed as landmark regulation two years ago when it was first passed, has placed an undue burden on small and medium-sized businesses, while some rules have proven difficult to implement according to an official report released today.
Although there were nearly 800 administrative fines imposed between May 2018 and November 2019, the only significant fine levied against a large technology company (and by far the largest) was the €50m fine against Google in France in 2019.
Two years into its existence, two of the biggest impacts of GDPR could be the way in which it has helped raise public awareness of privacy issues and the fact that it has created a common regulatory position on the topic. Big tech companies—especially the data brokers like Google and Facebook—initially lobbied against the regulation, warning amongst other criticisms of the hinderance it would place on innovation. But this has not come to fruition.
GDPR appears to have fallen far short of changing corporate privacy practices as was hoped by some advocates at the time. In the US, despite calls by Apple CEO Tim Cook for comprehensive federal privacy regulation and declaring privacy a human right, there has been even less progress. After two years of hearings in Congress, no consensus has emerged.
Data, despite being today’s most valuable asset, still goes largely unregulated. Digital transformation has taken on far greater importance since the lockdowns, increasingly determining the success or failure of companies across all industries. From a consumer perspective, trust in technology is more important today than ever before. Though GDPR has not been a gamechanger thus far and federal privacy regulation in the US is still a distant possibility, well enforced regulation of how data is used and how well it is managed by companies is still needed as a pillar of the digital transformation that dominates the global economy.