Extract from Linda A. Thompson’s article “Has GDPR Delivered on Its Central Promise?”
Four years after its entry into force, lawyers and businesses say the European Commission’s 2018 milestone privacy legislation, GDPR has failed to deliver on one of its key promises—to harmonize data protection principles and data privacy laws across the bloc’s two-dozen countries.
Under the General Data Protection Regulation, local data protection authorities received broadened powers to police and sanction companies that do not comply with the law, and their enforcement efforts have gradually picked up pace since 2018.
In 2021 alone, local regulators issued one billion euros worth of fines—an almost 600% increase compared to the €150 million issued in fines in 2019, the first full year the law was in effect. Approximately 85% of last year’s headline amount was accounted for by two steep sanctions against e-commerce giant Amazon and the messaging service WhatsApp. Both are under appeal.