A senior European Commission official warned today that the bloc’s privacy rules may have to change to put more power in the hands of EU institutions, wading into a debate that has plagued the GDPR almost since its inception.
Breaking with the orthodoxy of Europe’s privacy rulebook, the General Data Protection Regulation, Commission Vice President Věra Jourová said: “Either we will all collectively show that GDPR enforcement is effective or it will have to change and … any potential changes will go towards more centralization.”
The changes would most likely put more powers into the hands of the EU executive or the Europe’s network of privacy regulators, the European Data Protection Board (EDPB), she told delegates at a conference in Brussels.
The comments will weigh heavily into a debate on who should have the right to enforce the bloc’s privacy rules between member countries where Big Tech companies have established their headquarters — namely Ireland and Luxembourg — and major institutions like the European Commission, the European Data Protection Supervisor’s (EDPS) office, in charge of policing EU institutions, and the EDPB.
EDPS chief Wojciech Wiewiórowski is among those who have been leaning toward reform of the GDPR system.
His office is putting on a conference next summer to discuss “alternative models of enforcement of the GDPR, including a more centralized approach.”
“This is something that we take into consideration as one of the possible outcomes,” he said when asked by POLITICO whether the bloc’s privacy rulebook, the GDPR, would benefit from a more centralized enforcement model.
But the chair of Europe’s network of privacy regulators, Andrea Jelinek, is not calling for immediate changes.