EU’s once-hyped privacy law faces ‘crunch time’ for revamp

Bloomberg

One of the architects of the European Union’s sweeping General Data Protection Regulation (GDPR) admitted the law needs a revamp to ensure its fit for purpose amid growing attacks on citizens’ privacy.
Four years after it took effect, European Commission Vice President Vera Jourova said “targeted improvements” are now needed to the GDPR “in the age of tools such as Pegasus” spyware.
“I want to be honest with you, we are at the crunch time now,” she said, in prepared remarks for a speech she gave to data regulators. “Either we will all collectively show that GDPR and its enforcement is effective and fit for purpose or others will do it for us.”
The law, seen as a path-breaker in 2018, empowered EU data regulators to levy penalties of as much as 4% of a company’s annual revenue for the most serious violations. Overnight, it turned Ireland’s watchdog into the bloc’s top regulator probing dozens of powerful US tech firms with European bases in the nation — such as Meta Platforms Inc.
Since then tensions have been building among authorities over who is in charge of big cases and the length of time that Irish colleagues have taken to complete major EU-wide probes.
EU Justice Commissioner Didier Reynders said at the same event in Brussels that while more targeted improvements could bolster enforcement, he warned against declaring the situation “a crisis” or “as a reason to scratch completely the system.”
Opening up discussions on a total rewrite of the rules won’t be effective now, according to Reynders and Jourova.
“This might seem tempting, but here risks are high,” said Jourova, according to the draft of her speech. “Old legislative battles would come back. That is for sure. Some would want to try to weaken what we already have.”