Europe's privacy shake-up turns one

Thomson Reuters Foundation
Published : 11:15, May 25, 2019 | Updated : 11:18, May 25, 2019

A man walks in front of a showcase displaying computers at a store in Mexico City, Mexico May 8, 2019. REUTERSThe European Union's biggest shake-up of data privacy laws in more than two decades came into force a year ago, giving people more control over their online information and authorities the power to impose hefty fines.

From pop-up messages asking web users to consent to their data being processed to high-profile investigations into tech companies, the EU's General Data Protection Regulation (GDPR) has brought some significant changes to people's lives online.

As Saturday marks the legislation's first anniversary, the Thomson Reuters Foundation asked a group of privacy experts what was the regulation's biggest impact and what issues were outstanding:

Ailidh Callander - legal officer, Privacy International

"As a result of GDPR there is more awareness about data protection - people have been exercising their rights as demonstrated by the increased number of complaints received by data protection authorities across the EU.

"Heads of firms previously opposed to GDPR are professing their new found love of privacy - a year on the discourse has changed but we need more than lip service.

"We need pro-active implementation of GDPR by companies. For example, adopting a privacy by design and by default approach. We also need enforcement by regulators."

Katarzyna Szymielewicz, co-founder, Panoptykon Foundation

"The GDPR leaves no doubt that, as individuals, we have the right to control personal data that was generated by algorithms and statistical analysis.

"But in 2019 many are frustrated with pop-ups that prompt them to give consent to something they don't really understand.

"One cannot accept something one does not comprehend. And the complexity of data flows involved in average internet service by far exceeds the average users' capacity to follow, understand and control."

Paul-Olivier Dehaye - co-founder,

"In a way the improvement is not directly in privacy, but in exposing the ecosystem more, and the duplicity of some of the actors.

"The most pressing issues to be addressed are all with the data protection authorities, who are dropping the ball at the moment. They were not ready for the clear interest the general public has displayed in the GDPR being enforced."

Diego Naranjo - policy advisor, European Digital Rights

"The GDPR has brought a higher degree of harmonisation, new rights, clarifications and stronger fines. It is the highest standard worldwide for data protection.

"But the legislation left quite a number of issues to be regulated nationally.

"This is bringing issues at national level for example regarding the use of personal data by political parties, the lack of strong enforcement by certain authorities, and that some companies still ask for data that is not needed."

Matthew Rice - Scotland director, Open Rights Group

"People are becoming more aware of the fundamental right to data protection and more active on asserting that right. A data privacy aware society beginning to emerge.

"Authorities are starting to flex their regulatory powers. This year regulators in the Netherlands published an opinion that cookie walls, requiring an individual to consent to tracking to access a service, are not in compliance with the GDPR. This decision could have profound consequences.

"There are still many problems to address, including specific exemptions built in by some countries, like the United Kingdom's exemption withholding information from individuals if it would prejudice effective immigration control."