Mozilla’s Senior Policy Manager and EU Principal, Raegan MacDonald, issued a statement saying that in 2019 more resources would most likely be put into the enforcement of the EU’s General Data Protection Regulation (GDPR). Although no large financial penalty has been issued yet under the GDPR, MacDonald expects that will happen this year. 2018 was the year of implementing GDPR. 2019 will be the year when enforcement of GDPR commences in earnest.
MacDonald proceeded to point out that she believes the impact of GDPR hasn’t been felt yet to the fullest. Companies are just doing the bare minimum to comply with the new law. She explained that it’s still too early to see any real impact of the GDPR, although there’s been some progress. A lot of companies have already updated their privacy policies and developed ways to provide users with more control, such as allowing them to request the deletion of their data. Countless companies seem to have a narrow interpretation of GDPR. Privacy is still in jeopardy without users knowing or having purposeful control.
But MacDonald’s opinion is that this ‘superficial’ method of compliance is going to change. Local Data Protection Authorities located in every EU member state are getting better acquainted with the laws and their application. Beginning in 2019, the ‘grace period’ is over, so companies need to shape up or they will get seriously penalized by regulators. Rules are only effective if they are rigorously enforced. Many data protection authorities are beginning to carefully scrutinize the underwhelming implementation steps that some companies have after having received numerous complaints.
MacDonald would like to see more power granted to users in connection with managing their private information. Mozilla firmly believes that consumers ought to have more meaningful control of their data, and not just have tools hidden in privacy updates or configuration menus. Eventually, there should be a strong enforcement of the GDPR in Europe and firms that are not genuinely complying with the principles of the GDPR should, and will be penalized.