NOYB warns GDPR harmonisation law will be an embarrassment

A blog article by the Austrian privacy and digital rights advocacy group NOYB has criticised efforts to streamline EU General Data Protection Regulation (GDPR) enforcement through the proposed GDPR Procedural Regulation, arguing that the current trilogue negotiations will lead to a more complex and slower system. 

NOYB highlights that the existing GDPR cross-border enforcement mechanism, which relies on cooperation between data protection authorities (DPAs) in different EU/EEA member states, has largely failed and that complaints are often lost, decisions can take years, and there is little recourse against inactive DPAs.

While the European Commission's initial proposal for the harmonisation law was to create faster, simpler, and more effective enforcement, NOYB claims that the legislative process, marked by a lack of proper impact assessment by the Commission, a rushed position from the Council under the Belgian EU Presidency, and a perceived lack of ambition from the Parliament, is resulting in the opposite. Instead of a simplified core procedure, the draft texts under negotiation are expected to create around ten different types of GDPR procedures with numerous variations, making the system even more complicated and inconsistent.

One key unresolved issue involves procedural deadlines, with the Parliament proposing a 3-to-9-month timeframe for decisions, while the Council has reportedly suggested a decision deadline of up to 33 months, far exceeding the current average of around 8 months. If Parliament has dropped all of its negotiating positions during the trilogue, as NOYB claims, the resulting average will increase, not come down as was hoped. 

In its article, NOYB warns that this initiative will be an embarrassment for the EU, especially after promises to take data protection rights seriously and position the GDPR as the global gold standard. The outcome would also contradict the EU's stated goal of reducing complex rules and improving the quality of its legislation. 

In a statement, Honorary Chair NOYB, Max Schrems, said: "This Regulation could have been a game changer for exercising people's fundamental rights. Instead, it looks like it will waste thousands of hours in already overworked auhorities by prescribing various useless and overly complex procedural steps, which translates to Millions in taxpayer money. At the same time, procedures will be slower and also more complex for business and citizens alike. Enforcement of GDPR rights of normal people will be even harder to reach. Businesses will likely see more legal uncertainty, inaccurate decisions and higher legal costs for additional paperwork and necessary appeals."