The European Commission has demanded that EU regulators tighten control over privacy breaches by technology giants. The decision came after a review of the Irish Data Protection Commission, which was accused of being too slow and lenient on breaches, Bloomberg says.
The European Commission's decision said that EU countries must now share reviews of major GDPR investigations every two months. In such reports, regulators should indicate "key procedural steps" and actions taken.
One reason for the review of the regulators' reporting regime was a case a few weeks ago, when the European Data Protection Council had to force the commission to increase the fine imposed on Meta Corporation from 28 to 390 million euros. The European Commission had previously issued compliance reports every two years, but there were no thorough and frequent inspections at the level of individual states. The new requirement will hold all EU members liable if they delay the investigation or fail to apply the legislation on time.
The publication notes that the innovation will primarily affect Ireland, the Netherlands, Luxembourg and France. Ireland has the largest number of technology companies in Europe, while the Netherlands is home to Uber Technologies Inc., Luxembourg to Amazon, and France to Criteo, one of the world's largest online advertising companies.
Meanwhile, the new GDPR requirements have already been criticized for their lack of transparency. Activists believe that the public will not know whether regulators are acting correctly until the EU takes visible response, because countries will share reports on their work on a "strictly confidential basis". However, as Bloomberg writes, this could encourage tech giants to take GDPR more seriously, as investigations into their activities could be expedited and the companies themselves could potentially face very significant fines.