Raegan MacDonald, Senior Policy Manager and EU Principal for Mozilla, a firm renowned its support of privacy and open internet, has revealed that she believes 2019 will see increased resources invested in the enforcement of the European Union’s General Data Protection Regulation.
Commenting on the lack of financial GDPR penalties to date, she said that she expects this to change quite soon. Speaking to TNW she said: “We haven’t seen the big fines levied just yet. But I suspect that if 2018 is the year of implementation, 2019 will be the year of enforcement.”
MacDonald wadded that she believes the full GDPR impact has not yet been felt and that companies are simply doing the minimum to make it look like that are complying, or making efforts to comply, with the new legislation. She remarked: “While it is early, I haven’t yet seen that impact, although some progress is being made. Many companies have updated their privacy policies and created tools to give users more control, such as ways to request that their data be deleted. Many companies appear to be interpreting GDPR as narrowly as possible. I’m concerned that privacy is still by default put at risk without users understanding or having meaningful control.”
However, MacDonald is of the belief that the acceptance of this ‘superficial’ approach is about to shift as the local Data Protection enforcement agencies in each EU member state become more familiar with the legislation and how it is to be applied. She stated: “Starting in 2019, I expect this ‘grace period’ to end, where companies will either shape up or face serious fines by regulators. Laws are only as strong as their enforcement, and we are encouraged by the fact that many data protection authorities are starting to closely scrutinize the underwhelming implementation measures taken by some companies (and the thousands of complaints filed).”
MacDonald revealed that her company would like to see greater powers be allocated to users in relation to management of their private data: “Mozilla strongly believes that users should be given meaningful control, not just tools buried in privacy notices or deep within settings menus. And ultimately, we need strong enforcement in Europe against those companies that aren’t genuinely delivering on the principles in the GDPR.”