A document recently published by the Brave team has come to a conclusion that several EU member states have not employed enough number of people to enforce General Data Protection Regulation.
“Only five of Europe’s 28 national GDPR enforcers have more than 10 tech specialists. Europe’s GDPR enforcers do not have the capacity to investigate Big Tech.”
Additionally, the document alleges that the enforcement agencies lack adequate funding, leading to hesitation on their side to slap lawsuits against large tech companies as it would require deep pockets.
“Even when wrongdoing is clear, DPAs [data protection authorities] hesitate to use their powers against major tech firms because they cannot afford the cost of legally defending their decisions against ‘Big Tech’ legal firepower.”
The complaint launched by Dr. Johnny Ryan, Brave’s chief policy and industry relations officer, requests the European Commission to take measures and if required to take the matter to the European Court of Justics:
“Brave is requesting that the European Commission launch an infringement procedure against the European Member State Governments, and refer them to the European Court of Justice if necessary.”
The complaint names all member states of the European Union, barring Germany, which, as per the survey document, is the only country that sufficiently employs and allocates enough money to data protection institution.
Dr. Ryan stated that in spite of economic crunch, he anticipates the European governments to boost funding of authorities safeguarding info:
“I expect a budgetary increase. Not least because the credibility of the GDPR is critically important to the EU.”
Earlier, Brave filed a case against Google with the European regulator, alleging it of breaching Article 5(1)b of the GDPR. Notably, Brave is created on Chromium infrastructure, an open-source venture of Google.
Dr.Ryan does not foresee retaliation by Google against Brave. For that matter, with a pile of money being injected into the market in the form of stimulus programs, a fraction of that could be diverted to the cause of data protection.