A recent survey by the European Commission has shown that only two-thirds of Europeans had heard about the GDPR and most did not know how to exercise the rights given to them under the new law. That said, a large majority said they did not read the online privacy policies that likely contain an explanation of those rights because they were too long.
Marking the law's first anniversary, Věra Jourová, the European Justice Commissioner responsible for implementing the General Data Protection Regulation (GDPR), announced "We're launching today a campaign to encourage citizens to optimize their privacy settings." The European Commission appears to be putting in place a plan to reinvigorate and reinforce the law. The European authorities want to encourage individuals to take control over the use of their personal data – and, it seems, stop tech companies (be they mobile app providers, internet service providers and social media companies) from gathering excessive amounts of personal data. The Commission plans to issue a report assessing the full impact of the law later this year.
One aspect on which the Commission intends to focus is how the various EU countries and regulators are applying and enforcing the law. A principal aim of the GPDR was to generate harmony in the rules governing data protection across the EU which had until then been diverging in principles, application and enforcement, despite all supposedly stemming from the same EU level Directive. Some countries – Greece, Portugal and Slovenia, for example – have not even adapted their national laws to comply with the GDPR and show signs of diverging from important principles. The Commission is keen to bolster the harmonisation of data privacy rules in line with the GDPR’s aims, ensuring Member States apply and enforce the same rules, thereby removing obstacles faced by companies offering digital services in different European markets.
Further details on the Commission’s plans will be revealed later this year – it will be interesting to see how far they go in responding to requests to shorten privacy policies while at the same time ensuring users are fully aware of their rights.