BRUSSELS (Reuters) – Ireland and Luxembourg, European headquarters to Google, Facebook, Twitter and Amazon, need a substantial boost in resources to deal with data breaches by U.S. tech giants, a European Union report said.
The report by the European Commission, seen by Reuters, sought to assess the effectiveness of the EU’s landmark data privacy rules known as the General Data Protection Regulation (GDPR) adopted in 2018.
GDPR requires companies to seek people’s consent before using their personal data or face steep fines. European Vice President for Values and Transparency Vera Jourova has previously lauded the rules as a compass to guide the EU into the digital age.
The report said that data protection agencies across the 27-country bloc had increased staff by 42% increase and budgets by 49% between 2016-2019, but the Irish and Luxembourg governments needed to do more.
“Given that the largest big tech multinationals are established in Ireland and Luxembourg, the data protection authorities of these countries act as lead authorities in many important cross-border cases and may need larger resources than their population would otherwise suggest,” the report said.
The Irish watchdog has opened cases into Facebook, Facebook-owned Instagram and WhatsApp as well as Twitter, Apple, Verizon Media, Microsoft-owned LinkedIn and U.S. digital advertiser Quantcast.
The report urged national watchdogs to launch joint investigations that would lead to more harmonised rules and approaches.
It said some of the challenges were reconciling data privacy rights with the right to freedom of expression, and how to apply the rules to technologies such as artificial intelligence, facial recognition, blockchain and the internet of things.
Enforcement continues to be the weak link, said Eva Simon at the Civil Liberties Union for Europe.
“There are still far too many governments, organisations and businesses flouting the rules,” she said.
(Reporting by Foo Yun Chee. Editing by Jane Merriman)
