{"id":24296,"date":"2023-05-18T05:36:07","date_gmt":"2023-05-18T12:36:07","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=24296"},"modified":"2023-05-18T05:43:40","modified_gmt":"2023-05-18T12:43:40","slug":"gdpr-still-flawed-after-five-years","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/","title":{"rendered":"The EU&#8217;s GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The European Union\u2019s flagship law on privacy, the General Data Protection Regulation (GDPR), is five years old. It has undoubtedly had a dramatic impact on the privacy world, as the <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/tracking-pixel-violates-gdpr\/\">many stories about it on PIA blog<\/a> attest. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Despite this evident success, the GDPR has seen its fair share of criticism. For example, many people blame the GDPR for the privacy pop-ups that greet them when they visit new Web sites. The truth is that the pop-ups are unnecessary and only appear because sites are hoping to annoy you into accepting little or no privacy protection to get rid of the intrusive messages.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A more serious criticism is that, even after five years, GDPR didn\u2019t impose enough fines on big tech, most of which continues to carry out online surveillance on a huge scale, mostly to feed their business models based on advertising. A concern was that EU data protection authorities (DPAs) were <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/is-the-gdpr-failing-if-it-is-how-can-it-be-saved\/\">underfunded<\/a>, and thus unable to undertake the necessary work to bring successful, large-scale cases.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Is the GDPR Just a Nuisance for Big Tech? <\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One person whose name has frequently appeared on this blog in the context of GDPR\u2019s flaws is the privacy expert <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/will-privacy-activist-max-schrems-new-legal-action-against-facebook-at-eus-highest-court-prove-to-be-his-most-important-yet\/\">Max Schrems<\/a>. His organization, noyb.eu, put together some useful <a href=\"https:\/\/noyb.eu\/en\/five-years-gdpr-media-resources\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">new resources<\/a> to mark the fifth anniversary of the GDPR. These include statistics about both noyb.eu\u2019s work and the EU\u2019s data protection agencies. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">NOYB provides invaluable insights into where the real problems with the GDPR lie. For example, although noyb.eu has brought an astonishing 800 GDPR cases against companies, the <a href=\"https:\/\/noyb.eu\/en\/project\/cases\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">vast majority of them<\/a> are still pending:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>249 have been pending for 6 to 12 months<\/li>\n\n\n\n<li>492 for 18 to 24 months<\/li>\n\n\n\n<li>133 for 2 to 3 years<\/li>\n\n\n\n<li>33 have been pending for 3 years or more<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s premature to claim that the GDPR has \u201cfailed\u201d because hundreds of cases are still working their way through the system. But the fact that some still haven\u2019t been resolved several years after they were filed reveals one obvious problem that needs addressing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The noyb.eu resources about each EU country also shed some light on the issue of funding and staffing. For example, <a href=\"https:\/\/noyb.eu\/sites\/default\/files\/2023-05\/DEF%20OnePager%20Germany.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Germany<\/a> had no less than 1,155 people working in its data protection agencies, with a total budget of 114 million euros in 2022. <a href=\"https:\/\/noyb.eu\/sites\/default\/files\/2023-05\/DEF%20OnePager%20Italy.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Italy<\/a>, by contrast, had 131 people working in its \u201cGarante per la protezione dei dati personali\u201d, with a budget of 35.6 million euros in 2021.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1-1024x576.png\" alt=\"Screenshot of the DPC's website\" class=\"wp-image-24330\" width=\"356\" height=\"200\" srcset=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1-1024x576.png 1024w, https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1-300x169.png 300w, https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1-768x432.png 768w, https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1-1536x864.png 1536w, https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1-1200x675.png 1200w, https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/ireland_dpc1.png 1920w\" sizes=\"auto, (max-width: 356px) 85vw, 356px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Perhaps the most important of the country reports concerns Ireland, which occupies a special place in the GDPR world. That\u2019s because for each GDPR case there is a \u201clead\u201d authority, determined by where the company concerned is based. With this information, doesn\u2019t take long to figure out why the GDPR is flawed<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ireland has a reputation for attracting and cozying up to the world\u2019s top Internet companies, such as Google (including YouTube), Meta (including Facebook, Instagram, WhatsApp), Apple, TikTok, Twitter, and Microsoft (including Linkedin, Xbox). As a result, when there are allegations of data protection problems with any of these companies, the complaint has to be dealt with by the Irish Data Protection Commission (DPC), which has also <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/schrems-vs-dpc-battle-hots-up-as-new-document-suggests-irish-privacy-body-tried-to-weaken-gdpr\/\">figured many times<\/a> on the PIA blog.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">GDPR\u2019s Flaws: Ireland Siding with Big Tech on Data Privacy<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/noyb.eu\/sites\/default\/files\/2023-05\/DEF%20OnePager%20Ireland.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">noyb.eu document on Ireland<\/a> is scathing in its review. It claims that the DPC received a total of 19,581 complaints since the GDPR entered into force, but only produced 37 formal decisions in the span of five years, of which just eight were based on a complaint, which means that \u201conly 0.04% of all complaints led to a formal decision of the DPC\u201d according to noyb.eu. It says that the DPC only conducts a \u201cpure paper review\u201d of complaints:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">Just like many other DPAs, the DPC does not typically investigate matters, but solely relies on representations by companies. No witnesses are called in, no on premises investigations made \u2013 making sure that companies can easily get away with GDPR violations.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Noyb.eu also accuses the Irish DPC of \u201cbadly managed procedures\u201d, writing:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">It is not uncommon that the DPC produces a \u201cdraft report\u201d, \u201cfinal report\u201d, \u201cpreliminary draft decisions\u201d or a \u201cdraft decision\u201d together with additional \u201cschedules\u201d and countless letters \u2013 just in the course of a single procedure. This approach can lead to files of more than 5.000 pages even for simple legal questions.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Other alleged problems with the DPC are contained in a new report from the Irish Council for Civil Liberties (ICCL), entitled \u201c<a href=\"https:\/\/www.iccl.ie\/wp-content\/uploads\/2023\/05\/5-years-GDPR-crisis.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">5 years: GDPR\u2019s crisis point<\/a>\u201d. For example, the ICCL points out that the Irish DPC has used its discretion under Irish law to choose \u201camicable resolution\u201d to conclude 83% of the cross-border complaints it receives. The ICCL also writes that:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">75% of the Irish Data Protection Commission\u2019s GDPR investigation decisions in EU cases were overruled by majority vote of its European peers at the European Data Protection Board, who demand tougher enforcement action. Only one other country, in one single case, has ever been overruled in this manner.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">These statistics from noyb.eu and the ICCL suggest that there is a serious problem with the way the DPC is handling GDPR complaints. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When the GDPR was being drawn up, no account was taken of the fact that the vast majority of top Internet companies have their European headquarters in Ireland. The dangerous dependence of the Irish economy on the tax revenue from these digital platforms inevitably creates an atmosphere where strict enforcement by the DPC against them is difficult. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Maybe it\u2019s time to move to a centralized, pan-EU approach to dealing with complaints if the GDPR is ever to realize its full potential for protecting privacy. In the meantime, noyb.eu has put together a <a href=\"https:\/\/gdpr-procedure.eu\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">draft procedural regulation<\/a> designed to help DPAs cooperate better and to enforce EU law more rigorously.<\/p>\n\n\n\n<a style=\"text-decoration: none;\" href=\"https:\/\/www.privateinternetaccess.com\/buy-vpn-online?conversionpoint=gdpr_flawed\"><button class=\"bg-btn-1\"> Get PIA VPN <\/button><\/a>\n\n\n\n<p class=\"has-text-align-right has-small-font-size wp-block-paragraph\">Featured image by <a href=\"https:\/\/www.publicdomainpictures.net\/de\/view-image.php?image=449521&amp;picture=flagge-der-europaischen-union\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Petr Kratochvil<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even after five years, GDPR didn&#8217;t impose enough fines on big tech. Ireland&#8217;s DPC is one of the major reasons behind GDPR&#8217;s lack of impact.<\/p>\n","protected":false},"author":20,"featured_media":24306,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":false,"_modified_date":"","footnotes":""},"categories":[1,130,2579,2864],"tags":[2491,1990,200,485,247,2341,622,494,681,2814],"class_list":["post-24296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-governments","category-online-privacy","category-studies","tag-dpa","tag-dpc","tag-eu","tag-gdpr","tag-germany","tag-iccl","tag-ireland","tag-italy","tag-max-schrems","tag-noyb-eu"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The GDPR Is 5 &amp; It&#039;s Still Flawed: What Can We Do? | PIA VPN<\/title>\n<meta name=\"description\" content=\"Even after five years, GDPR didn&#039;t impose enough fines on big tech. Ireland&#039;s DPC is one of the major reasons behind GDPR&#039;s lack of impact.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The EU&#039;s GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?\" \/>\n<meta property=\"og:description\" content=\"Even after five years, GDPR didn&#039;t impose enough fines on big tech. Ireland&#039;s DPC is one of the major reasons behind GDPR&#039;s lack of impact.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\" \/>\n<meta property=\"og:site_name\" content=\"PIA\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/privateinternetaccess\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-18T12:36:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-18T12:43:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Glyn Moody\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@http:\/\/twitter.com\/glynmoody\" \/>\n<meta name=\"twitter:site\" content=\"@buyvpnservice\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Glyn Moody\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\"},\"author\":{\"name\":\"Glyn Moody\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\"},\"headline\":\"The EU&#8217;s GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?\",\"datePublished\":\"2023-05-18T12:36:07+00:00\",\"dateModified\":\"2023-05-18T12:43:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\"},\"wordCount\":975,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg\",\"keywords\":[\"dpa\",\"dpc\",\"EU\",\"gdpr\",\"germany\",\"iccl\",\"ireland\",\"Italy\",\"max schrems\",\"noyb.eu\"],\"articleSection\":[\"General Privacy News\",\"Governments\",\"Online Privacy\",\"Studies\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\",\"name\":\"The GDPR Is 5 & It's Still Flawed: What Can We Do? | PIA VPN\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg\",\"datePublished\":\"2023-05-18T12:36:07+00:00\",\"dateModified\":\"2023-05-18T12:43:40+00:00\",\"description\":\"Even after five years, GDPR didn't impose enough fines on big tech. Ireland's DPC is one of the major reasons behind GDPR's lack of impact.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg\",\"width\":1920,\"height\":1280},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.privateinternetaccess.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The EU&#8217;s GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"name\":\"PIA\",\"description\":\"Online privacy news from around the world.\",\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\",\"name\":\"Private Internet Access\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"width\":1200,\"height\":1200,\"caption\":\"Private Internet Access\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/privateinternetaccess\/\",\"https:\/\/x.com\/buyvpnservice\",\"https:\/\/www.instagram.com\/piavpn\/\",\"https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\",\"name\":\"Glyn Moody\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"caption\":\"Glyn Moody\"},\"description\":\"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \\\"Rebel Code,\\\" is the first and only detailed history of the rise of open source, while his subsequent work, \\\"The Digital Code of Life,\\\" explores bioinformatics - the intersection of computing with genomics.\",\"sameAs\":[\"http:\/\/opendotdotdot.blogspot.com\/\",\"https:\/\/www.linkedin.com\/in\/glynmoody\/\",\"https:\/\/x.com\/http:\/\/twitter.com\/glynmoody\"],\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The GDPR Is 5 & It's Still Flawed: What Can We Do? | PIA VPN","description":"Even after five years, GDPR didn't impose enough fines on big tech. Ireland's DPC is one of the major reasons behind GDPR's lack of impact.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/","og_locale":"en_US","og_type":"article","og_title":"The EU's GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?","og_description":"Even after five years, GDPR didn't impose enough fines on big tech. Ireland's DPC is one of the major reasons behind GDPR's lack of impact.","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2023-05-18T12:36:07+00:00","article_modified_time":"2023-05-18T12:43:40+00:00","og_image":[{"width":1920,"height":1280,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg","type":"image\/jpeg"}],"author":"Glyn Moody","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/twitter.com\/glynmoody","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Glyn Moody","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/"},"author":{"name":"Glyn Moody","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775"},"headline":"The EU&#8217;s GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?","datePublished":"2023-05-18T12:36:07+00:00","dateModified":"2023-05-18T12:43:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/"},"wordCount":975,"commentCount":0,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg","keywords":["dpa","dpc","EU","gdpr","germany","iccl","ireland","Italy","max schrems","noyb.eu"],"articleSection":["General Privacy News","Governments","Online Privacy","Studies"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/","name":"The GDPR Is 5 & It's Still Flawed: What Can We Do? | PIA VPN","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg","datePublished":"2023-05-18T12:36:07+00:00","dateModified":"2023-05-18T12:43:40+00:00","description":"Even after five years, GDPR didn't impose enough fines on big tech. Ireland's DPC is one of the major reasons behind GDPR's lack of impact.","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2023\/05\/european-union-flag-16530338432R0.jpg","width":1920,"height":1280},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/gdpr-still-flawed-after-five-years\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"The EU&#8217;s GDPR Is 5 Years Old and Still Not Working Properly: How Can It Be Fixed?"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775","name":"Glyn Moody","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","caption":"Glyn Moody"},"description":"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \"Rebel Code,\" is the first and only detailed history of the rise of open source, while his subsequent work, \"The Digital Code of Life,\" explores bioinformatics - the intersection of computing with genomics.","sameAs":["http:\/\/opendotdotdot.blogspot.com\/","https:\/\/www.linkedin.com\/in\/glynmoody\/","https:\/\/x.com\/http:\/\/twitter.com\/glynmoody"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/24296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=24296"}],"version-history":[{"count":33,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/24296\/revisions"}],"predecessor-version":[{"id":24337,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/24296\/revisions\/24337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/24306"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=24296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=24296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=24296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}