European data protection authorities are woefully underfunded, finds study

The vast majority of Europe’s governments are failing the GDPR by not allocating sufficient resources or manpower to their data protection authorities to monitor tech infringements of the data security regulation, research has revealed.

A study conducted by web browsing service provider Brave recently revealed that European governments have not sufficiently equipped their data protection national authorities to enforce the GDPR.

According to Brave, very few expert tech investigators are working to uncover private sector GDPR breaches and as a result, even when a data breach is identified, DPAs hesitate to use their powers against major tech firms because they cannot afford the cost of legally defending their decisions against ‘Big Tech’ legal firepower.

“If the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities. Robust, adversarial enforcement is essential. GDPR enforcers must be able to properly investigate ‘big tech’, and act without fear of vexatious appeals. But the national governments of European countries have not given them the resources to do so. The European Commission must intervene,” he added.

The study revealed the following facts with reference to GDPR enforcement across Europe:

  • Only five of Europe’s 28 national GDPR enforcers have more than 10 tech specialists.
  • Half of EU GDPR enforcers have small budgets (under €5 million).
  • The UK Government’s privacy watchdog (ICO) is Europe’s largest and most expensive to run. But only 3% of its 680 staff is focussed on tech privacy problems.
  • The Irish Data Protection Commission is Google and Facebook’s ‘lead authority’ GDPR regulator in Europe. But while the number of complaints it deals with is accelerating, increases to its budget and headcount are decelerating.
  • Since 2018, the ICO’s budget has increased from €30 million (£26.2 million) to €61 million (£53.3 million).

Talking about the increasing investment in tech specialists, a spokesperson from the Information Commissioner’s Office told IT Pro that “the ICO recognises the vitally important role of technical specialists in addressing data protection and privacy concerns, and this is reflected in our priorities and technology strategy.”

“While we are not yet at the level of capacity and capability we are planning for we will continue to invest significantly in this area,” the spokesperson added.

Colin Truran, Principal Technology Strategist at Quest, told Teiss that “we knew GDPR would open up a can of worms from the outset, and it was reported that the data protection authority would struggle to have the resources to cope, so to some extent this is not a surprise. However, with that all said and done, it begs the question why only 3% of the UK’s ICO staff is focusing on tech, when many of us would consider that to be a starting point.

“Tech giants often have trouble balancing data privacy with business goals, but data protection should not be designed to just go after the obvious targets. It’s also about making sure that every organisation has data privacy high up their action list and not just thinking that if they keep their heads down they will go unnoticed. We need to have a balanced approach as any organisation large or small, tech or charity has the potential to hold and subsequently lose personal information,” he added.

Copyright Lyonsdown Limited 2021
