Critics say investigations take too long and fines are too
low to deter privacy breaches by Big Tech companies, undermining the goal of
landmark EU rules known as the General Data Protection Regulation which came
into force in 2018.
The Irish Data Protection Commissioner (DPC), the EU lead
regulator because many of the world's largest technology companies are based in
Ireland, has also attracted criticism from its peers for its fines, seen by
some as too low.
"The harmonisation of these procedural aspects will
support the timely completion of investigations and the delivery of swift
remedies for individuals," the Commission said.
The new rules require the main privacy authority to share a
summary of key issues with its peers, allowing them to provide feedback at an
early stage and also set out common deadlines for cross-border cooperation and
dispute resolution.
Complainants have the right to be heard in cases where their
complaints are fully or partially rejected and also to be properly involved
should regulators decide to investigate their grievances.
The new rules also give companies under investigation the
right to be heard at key stages in the procedure and to access the file.
Privacy activist Max Schrems who has filed complaints
against Meta Platforms and Alphabet's Google criticised the new procedures.
"The Commission proposal seems to be technically and
materially flawed and rather strips citizens of existing rights than ensuring their
enforcement," he said.
Tech lobbying group The Computer & Communications
Industry Association said the rules fall short when it comes to the right of
companies to appeal and the right to a fair hearing with a realistic timeframe.
© Reuters