this post was submitted on 03 Oct 2023
112 points (96.7% liked)
Europe
8324 readers
1 users here now
News/Interesting Stories/Beautiful Pictures from Europe 🇪🇺
(Current banner: Thunder mountain, Germany, 🇩🇪 ) Feel free to post submissions for banner pictures
Rules
(This list is obviously incomplete, but it will get expanded when necessary)
- Be nice to each other (e.g. No direct insults against each other);
- No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
- No posts linking to mis-information funded by foreign states or billionaires.
Also check out [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m aware of enforcementtracker.com which is used to show that some cases are cherry picked for enforcement. 2000 cases is an embarrassment. I would love to see an “unenforcement·com” service where we can all publish our reports that get irrationally dismissed or mothballed. I’ve filed reports on dozens of #GDPR violations over the years and not a single act of enforcement resulted. One report was dismissed instantly by a 1st tier office worker on bogus rationale.
To worsen matters and exacerbate the problem, some member state’s DPAs operate in a non-transparent fashion so your report is concealed even from yourself and you get zero progress information or interaction. You only get notified in the end if an enforcement action was taken. They’ve never contacted me to provide more info on any of my reports either, which suggests no slight amount progress either.
That’s beyond me. I recall reading about that decision that came out of some high court in Austria and the report said that it set a precedence for the whole EU.
What I’ve seen in the US is that any lawyer can use any other case as a precedent for the court to consider even if the case happened in a different state, but there are varying degrees of utility. The lower the court, the less weight the result carries. And when a result from a different jurisdiction is used, it still has merit but less so than cases in the same jurisdiction.
I know in Europe it’s the same as far as highness of a court & proportional weight. The lowest of court decisions are used in aggregate. But I’m a bit fuzzy on crossing jurisdictional boundaries on EU-wide law.
Note that the GDPR has a specific consistency clause. Outcomes in different member states must be consistent for similar violations. Perhaps the Austrian decision is relevant EU-wide because of this consistency requirement.
So it doesn't exist and you have no statistics to support your claim beyond personal anecdotes.
Yes the US have are a common law country and have a national legal framework.
Most EU countries have civil law so other courts decisions are not legally binding, only the word of the law is. Also beyond EU directives and the ECJ, each country still has its own independent legal system.
You mean Art. 63?
It doesn't seem to mention courts at all.
I certainly don't see how it would make decisions of regional courts binding in other countries.
Trusting the accuracy of my experience is a problem for you, not me. I’ve seen the dysfunctionality many times over 1st hand & I’ve often heard other GDPR complainants say the same. I’ve been to privacy conferences where speakers talk about how their complaint citing many different violations would be acted on on the basis of just one of the violations. Someone from Noyb said a DPA cherry-picked 1 out of 6 or so violations and enforced it. But then the other violations simply got ignored. And their complaint about the ignored complaints was also ignored. I’ve seen the same, where the front desk gave a bogus rationale that (even if correct) could only possibly refute 1 out of my ~8 or so cited violations.
The problem is widespread enough that Digital Courage plans to ask the EU to write a new law that actually forces DPAs to enforce article 77. Watch for it.
The word of law can be very ambiguous. Even in Europe. It still needs interpretation.
This is what happened when a data subject demanded that a data controller list who they share the data with. The letter of the GDPR law says they only have to mention categories of info that’s shared, not who it is shared with. So the data controller refused the request. That clause was recently (this year) “interpretted” such that data controllers actually do have to state who they share with (which contradicts the word of law). It’s a good outcome for consumers, but a contradiction that proves you cannot rely on the word of law in Europe.
You can ask the source’s author (Noyb) directly yourself how an Austrian court decision had EU-wide impact.