The EDPB’s updated GDPR guidelines indicate a trend towards stricter enforcement and higher fines by European data protection authorities.
As the world moves deeper into the digital age, privacy and data protection issues have become increasingly important, and European countries have been at the forefront of these challenges. The European Data Protection Board (EDPB) has recently updated its Guidelines on calculating administrative fines under the General Data Protection Regulation (GDPR). This move is expected to result in an overall increase in fines.
Stepping Up Enforcement
The Dutch Data Protection Authority (AP) and Luxembourg’s National Commission for Data Protection (LDPA) have committed to enforcing the GDPR by imposing significant fines. In a notable instance, the Dutch AP fined a sharing economy platform a hefty EUR 10 million in January 2024. Luxembourg’s LDPA is upholding a substantial EUR 746 million fine against Amazon, demonstrating the increasing seriousness with which data protection violations are being treated.
Class Action Debates and Innovative Approaches
In the Netherlands, an ongoing debate revolves around the rights of interest groups to exercise certain claims under the GDPR without the data subject’s consent. This has been brought to light in the ongoing class action against TikTok. One interesting point of contention is a possible translation error in Recital 142 GDPR, which could heavily influence future litigation culture.
On the other hand, the Belgian Data Protection Authority (BDPA), while issuing moderate fines, has taken significant corrective actions in certain cases. It has also adopted a more constructive approach to settlement decisions related to GDPR compliance. For instance, it initially imposed fines for cookie use violations on websites but later required compliance measures without declaring a GDPR breach. This more constructive approach will be observed for further developments in 2024.
Data Sovereignty in the EU
Data sovereignty remains a critical issue in the EU, especially regarding data transfers outside the EU. The Belgian BDPA has prohibited personal data transfers to US tax authorities under the Foreign Account Tax Compliance Act (FATCA). As the digital landscape continues to evolve, such measures reflect the need for stringent data protection policies to safeguard the rights of individuals.
