EU privacy chief bashes lack of GDPR enforcement against Big Tech

European Data Protection Supervisor Wojciech Wiewiórowski on Friday said there isn’t enough privacy enforcement against tech companies like Meta and Google, hinting at a bigger role for a “pan-European” regulator.

In a speech marking the end of a two-day conference designed to scrutinize the EU’s flagship privacy code, the General Data Protection Regulation or GDPR, Wiewiórowski said enforcers had so far failed to rein in data protection abuses by big companies.

“I also see hopes that certain promises of the GDPR will be better delivered. I myself share views of those who believe we still do not see sufficient enforcement, in particular against Big Tech,” he said.

The remarks will be seen as a rebuke of the Irish Data Protection Commission, which oversees the majority of tech firms like Meta, Google and Apple under the GDPR because those companies are based in Ireland.

The Irish regulator has batted away mounting criticism over its perceived lack of GDPR enforcement, pointing to fines for WhatsApp, Facebook and Twitter. It also has several other penalties against tech firms waiting in the wings.

But the remarks by Wiewiórowski, the privacy watchdog for the EU institutions, suggest he’s not impressed by Ireland’s track record so far.

“Way too often, the GDPR puts its constraints on small entities but spares the big ones. In a way, instead of achieving [a] level playing field, we observe how big companies, thanks to their resources, can benefit from [a] lack of strong enforcement and further expand their advantage over small competitors,” he said.

He lamented that individuals can wait years to see their rights enforced, and suggested that a more centralized system of enforcement might be the way forward.

“I strongly believe that, following the best examples from other fields of EU law, at a certain moment a pan-European data protection enforcement model is going to be a necessary step to ensure real and consistent high-level protection of fundamental rights to data protection and privacy across the European Union,” he said.

EU privacy chief bashes lack of GDPR enforcement against Big Tech

This article is part of POLITICO Pro

The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology


Exclusive, breaking scoops and insights


Customized policy intelligence platform


A high-level public affairs network