GDPR – The law with a bark worse than its bite?
May 25th 2018, the date that the General Data Protection Regulation came to our lives with great promises and noble ambitions. A regulation that we could all look upon as the way to protect our personal data and privacy rights and help regulate the operations of those who were super-profiting from our digital footprint, in an intrusive and unauthorized way.
In anticipation of the introduction of the GDPR across the European Union, business around the world agonized over the rumored strict nature of the legal framework and the resulting countless privacy adjustments that would be necessary, expensive and difficult to introduce in many aspects of their operations. Perhaps not since the Millennium Bug, a forthcoming event brought so much fear and uncertainty to businesses for undisrupted operations in the day-after; and possibly for the first time a significant corporate insecurity on how to ensure continuous and simultaneous compliance with a common law and different privacy regulators in an entire continent.
The aforementioned concerns quickly fueled a super demand for highly-paid privacy lawyers and a plethora of other experts that could offer assessments of the status quo versus the necessary steps in order to avoid any GDPR fines and perhaps even genuinely comply with requirements of the law. New software and hardware, modified business operations, additional staff were some of the quick fixes that could help address the immediate concerns and substantially reduce the risk for fines. These quick fixes though cost a lot of money and the long-term solutions even more.
An unfair fight
But money is not really an object for the super-profiting violators of personal data and privacy, so their armies of lawyers, technical and business experts quickly over scrutinized the GDPR, made the unavoidable adjustments and additions in no time and finally reached the conclusion that they were invited to a fight with an opponent who is destined to lose, no matter what. You see according to the worst-case scenario, the highest fine for a GDPR breach would equal to 20 million Euros or 4% of the annual global turnover, thus legally impossible to be fined to the full extent of the law and any financial exposure would be close to negligible when compared to the profits of those companies.
Making things even more difficult for the European Union, the GDPR would have to be implemented locally in every Member State, under the authority of the independent national regulator(s). This equals to a significant variance in their financial resources, available experts, political commitment and support and several other factors that are crucial to the enforcement of the law. The lack of a harmonious infrastructure in regulatory authorities, assured and substantial resources availability and finally meaningful political backing, result to fragmented, uncoordinated and at best limited enforcement and results.
This unfair fight is in essence responsible for the restricted benefits that people around the EU have received up to this point from the GDPR. Corporate compliance and governance is the priority of the regulatory authorities but with a very limited number of fines given to violators so far. The public awareness that GDPR has brought with regards to the abuse of personal data and privacy has made people ask the question, “what’s in it for me” from these fines? Any funds received from fines are strengthening national budgets and regulatory authorities, but the inequality cannot be bridged, not now, not ever. To put things into perspective, it is estimated that the highest annual budget of an EU regulator is significantly less than half of the daily turnover of one of the Digital Giants that are on their radar*.
Another illustration of the imbalanced terms of this fight would be the case of the Republic of Ireland. It is a well-known fact that most tech giants have their European Union headquarters in this small country, with more than $54 billion in local investments. As a matter of fact, Ireland is the EU home of 9 of the top 10 global software companies and of 9 of the top 10 US technology companies. In 2020, the annual budget of the Data Protection Commission, the Irish national independent authority for data protection, was €16,9 million.
What’s in it for me?
myGaru is the first pragmatic and serious response to the ‘what’s in it for me” question from the EU’s general public. GDPR provides the legal basis for a number of actions that drastically reduce the exploitation of our personal data and the unauthorized intrusion of privacy in our digital lives. myGaru in close cooperation with some of the world’s leading privacy law experts, has developed a set of legal tools that work hand-in-hand with some of the most innovative technologies, to bring tangible and meaningful benefits from GDPR directly to its users, free of charge.
In 2019, myGaru commissioned YouGov, a leading global public opinion and data company, to conduct a primary research in the UK population on the rights of individuals with regards to their personal data and online privacy. One of the most revealing findings of the research was that only 24% of the UK population believed that they are the rightful owners of their online data shared on social. Systematic and intentional disinformation, confusing and misleading messages are some of the tools expertly used by GDPR violators to promote a “new normality” that is manipulating the perception of reality by so many.
According to the same research, 84% of the participating population declared that they are either quite or very concerned with the way their private data and information on their online behavior are being shared with third parties. These concerns however remain largely unaddressed by the current enforcement of the GDPR and the actual options available to them.
With myGaru, the general public for the first time gains access to free and permanent legal defense of their personal data and privacy rights versus any unauthorized and abusive activities, reaching up to actual litigation (class action lawsuits) with all rewarded compensations paid to the myGaru users whose rights were violated.
myGaru constantly monitors all legal and political developments that could further enhance its services and seeks the advice of highly skilled professionals in further enhancing the protection mechanisms for our users. All proceedings of legal nature are overseen by the myGaru Public Board, an independent entity that was established with the purpose of ensuring the maximum transparency in our activities and receiving objective guidance for continuous improvement.
myGaru aspires to complement the activities of national regulatory authorities, not replace them. myGaru is the first technology-legal solution that enables individuals to defend their personal data and online privacy rights; fundamental rights that are relentlessly deprived by enforcers of unethical and super-profitable business practices. myGaru users are the first individuals that are part of a more secure, fair as well as rewarding digital footprint and a better tomorrow.
*Based on data included in the New York Times article by Adam Satariano “Europe’s Privacy Law Hasn’t Shown Its Teeth, Frustrating Advocate”