Connect with us

Hi, what are you looking for?


We still need to talk about data protection

Wojciech Wiewiórowski is the European Data Protection Supervisor.

When you’re a regulatory authority responsible for compliance, being called a “rulebreaker” doesn’t happen every day — but it’s what happened to me.

Nominated to this year’s POLITICO Tech 28 list, my profile read, “Wiewiórowski is making waves.” He’s “broken a Brussels taboo,” “daring to question whether the EU’s flagship General Data Protection Regulation is up to scratch.”

I remember reading these words for the first time and feeling a sense of pride in the institution I have the honor to lead — and a sense of worry. If questioning how to better bring practices into compliance and pointing out problems in your own backyard are seen as controversial, this says something about the state of public debate — at least with respect to the protection of fundamental rights.

While data protection is sometimes perceived as technical and bureaucratic, the GDPR, which encapsulates Europe’s rules for data protection and privacy, probably remains one of the most well-known pieces of legislation in the world — particularly among EU citizens. And though data protection existed before it, the new regulation was needed to step up compliance across the bloc, using stronger enforcement mechanisms to ensure greater protection of individual rights.

Though enforcement is only a tool for accomplishing this primary objective of the GDPR, the mechanism and means through which it’s achieved remain prominently relevant. And what the last four years have shown is that where enforcement lacks, so does an individual’s ability to have their rights realized.

Along these lines, in September 2021, our plans to organize a conference on GDPR enforcement, scheduled to take place in Brussels this June, were first reported. Back then, the conference was described as one raising political concerns and dissatisfaction. Even just the idea of naming and addressing such issues wasn’t exactly welcome, let alone speaking about hypothetical solutions, such as centralizing enforcement.

However, if the floodgates of discussion had been firmly closed back then, in the following months, they began to leak. The next big political stir came when Commission Vice President Věra Jourová boldly proclaimed: “Either we will all collectively show that GDPR enforcement is effective or it will have to change and . . . any potential changes will go towards more centralization.”

Since then, there’s been a steady stream of discussion. The topic of the regulation’s efficacy and potential improvement has been debated at hearings at the European Parliament, at meetings of the European Data Protection Board and at conferences, to name only a few examples.

I’m glad that what was once taboo — merely acknowledging there may be structural issues behind the malfunctioning of the GDPR — is now not only being internalized, but ideas of how to address them, including potential legislative initiatives, are being shared and floated by more voices and stakeholders.

But we must acknowledge that the discussion is far from over — in fact, it hasn’t even really begun.

We need genuine debate on whether current data protection legislation — proposed 10 years ago, adopted six years ago, and in application for the last four years — is actually serving people in the way it was designed to. Whether it protects everyone equally and sufficiently; whether the intention behind it has been fulfilled.

I sincerely hope we’re now ready for such a conversation. A debate in which what actually matters is the individuals, not the political interest of stakeholders. Defending the status quo should never be a principle on its own.We owe it to EU citizens to continuously evaluate where we are and where we should go. This is how the bloc has developed, and how it has subsequently achieved so much. 

There’s still much to be done by the data protection community and by the European Data Protection Supervisor (EDPS) itself. Let our upcoming conference be the next chapter in this story. And if creating a public platform for honest discussion and dialogue about the future of data protection is seen as breaking the rules, then so be it.

It’s time a culture of protection of fundamental rights is no longer a radical dream, but an obvious reality.

Click to comment

Leave a Reply

Your email address will not be published.

You May Also Like


Press play to listen to this article The European Union is working to revamp its flailing 5G rollout and has Big Tech’s largest platforms...


Press play to listen to this article WASHINGTON — The imprisonment of a prominent Vietnamese environmental activist has forced U.S. and EU climate negotiators...

Foreign Policy

Israeli Foreign Minister Yair Lapid lashed out at EU foreign policy chief Josep Borrell over a visit to Tehran aimed at reviving negotiations over...


The death toll during a migrant incursion into the Spanish enclave of Melilla has risen to 23, Moroccan authorities said. About 2,000 people tried...


Press play to listen to this article It’s difficult to cajole developing countries to abandon coal while reopening your own coal-fired power plants. That’s...

Foreign Policy

LONDON and BERLIN — Is Britain missing Angela Merkel yet? Boris Johnson arrives in Bavaria on Sunday for the annual G7 summit of world leaders,...


European leaders are voicing dismay and outrage about the U.S. Supreme Court decision stripping the legal right for women to obtain an abortion.  “Making...


When leaders from the G7 group of leading developed economies gather in the Bavarian Alps on Sunday, they will have very different visions of...