Too many GDPR-watchers are twiddling their thumbs

I hate to say this, because some European data protection authorities are excellent (e.g.several of the German states, the German federal regulator… seeing a pattern here. Plus of course @EU_EDPS). But there is such a long-running pattern of Data Protection Directive/General Data Protection Regulation-breaking…

…I’m beginning to wonder if most of them are simply DPA-washing rampant law-breaking across Europe, and anyone who wants to see #GDPR enforced should waste no further time and proceed directly to court. Has anything changed since this 2014 EU Fundamental Rights Agency report finding data protection remedies to be lacking? (The GDPR was agreed, and came into force… but little has seemingly changed so far on the enforcement side.)

One thing that has improved, since I contributed to that report on the UK situation, is the experience and effectiveness of the judiciary. The most senior member state courts are becoming much better enforcers than the DPAs (e.g. England and Wales’ Court of Appeal). And of course, @EUCourtPress is leading the way on GDPR/Charter of Fundamental Rights enforcement.

I think @EURightsAgency should update that report post-#GDPR 🙂 In the meantime, DPAs need to start acting against the world’s largest data breach, aka #adtech, as @johnnyryan and @cybermatron say.