Big Tech have mastered the art of delay and deflection. Under the GDPR’s ‘one-stop-shop’ mechanism, cases are often handled by regulators in the country where a company is based, rather than where harm occurs. This means that when someone in France, Poland, or Spain suffers from unlawful data misuse by a company based in Ireland or Luxembourg, their complaint can get stuck in an enforcement black hole.
[…]
Right now, EU policymakers have a chance to fix this. The GDPR Procedural Regulation—currently in negotiations—could finally close these enforcement loopholes. It could ensure faster, more efficient investigations, remove barriers to redress, and empower DPAs to take meaningful action. The regulation is not just about bureaucratic processes; it is about making GDPR enforcement a reality, ensuring that cross-border cases are handled fairly and efficiently, rather than getting lost in the complexity of the one-stop-shop mechanism.
Yet, despite its significance, this file has not received the attention it deserves. Too often, procedural law is dismissed as ‘boring’ or ‘too technical’—just another set of legal rules that seem far removed from everyday life. But this perception is dangerously misguided. In reality, this regulation underpins the very foundation of human rights online. It determines whether people […] can seek justice when their data is misused, whether harmful algorithmic profiling can be stopped, and whether the EU’s much-celebrated digital rights framework has real teeth. Many of the harms EU institutions claim to be concerned about – from misinformation to AI-driven discrimination – are exacerbated by the enforcement failures this regulation seeks to address.
Data protection is not just about privacy—it’s about power, and about many other fundamental rights. If we allow enforcement failures to persist, we allow gigantic corporations and other bad actors to control, distort, and weaponise our identities and deepen vulnerabilities. The EU must act now to ensure that GDPR enforcement becomes a reality, not just a promise.
[…]
This is some Orwellian shit right there. This kind of shit is part of the very big problem.
The hook is a scenario where someone gets doxed.
Years later, Lina was shocked to find her name and image circulating in far-right forums online.
There are some murky suggestion that connect this with “migration” or “profiling” but it’s unclear how that would make sense.
Lina tried to exercise her rights. She filed a data deletion request, but the company refused to comply. Turning to her country’s Data Protection Authority (DPA) for help, she expected a clear path to justice. Instead, she found herself trapped in a bureaucratic maze.
Indeed. A small forum outside the EU, as such far-right forums typically are, cannot be made to comply with EU law.
Technologically, scrubbing personal information from the internet is no different from scrubbing information about the Tiananmen Massacre. It can’t be done perfectly, and doing it imperfectly is totalitarian.
Unfortunately the EU is in the process of abandoning GDPR, despite it being the best thing they ever did for the internet.
https://www.politico.eu/article/eu-gdpr-privacy-law-europe-president-ursula-von-der-leyen/
As EDRi-advisor Itxaso Domínguez de Olazábal cited in the article says, “Reopening the GDPR for simplification is risky," but the whole article is not about what its title suggests. I don’t want to play this down, but it’s a bit another clickbait headline by Axel Springer media. They somehow contradict themselves in the end:
According to Austrian privacy activist Max Schrems, the GDPR is still a “huge target” for lobbyists, but its core rules can’t easily be scrapped since the protection of personal data is enshrined in the EU’s Charter of Fundamental Rights as an inalienable freedom.
“A Court of Justice would annul a GDPR that doesn’t have these core elements," Schrems said. "So if it’s where [lobbyists] want to spend their energy, be my guest, but they’re not going to get there.”
The very article you linked talks about simplifying the GDPR rules to make it easier for businesses to comply with. There is no mention of axing or abandoning the GDPR completely.
It is easy for businesses to comply with the GDPR right now: Don’t collect any data you don’t need. Done.
The only businesses having any trouble are those who are collecting excessive amounts of data in order to sell them for profit.
Not true.