

Discover more from DPOInsider
The DPOInsider covers the latest news and developments in data compliance and privacy. The DPOâs favourite weekly read âïž
Hello and welcome to another edition of the DPOInsider.
A special hello to those who have subscribed since last weekâs edition. Thanks for joining. You can see all of our previous editions here.
The GDPR is four years old
Time is going past so quickly, etc etc. Yes, thatâs right, itâs four years this week since the day when we all received a hundred emails from organizations that we didnât know, asking us if they could continue to contact us.
Joking aside, what have we learned since the implementation of GDPR? Whatâs changed?
Well, apart from âŹ1.7 Billion in fines, it could be argued that the GDPR hasnât had a decisive effect on eliminating the misuse of personal data.
These things take time, of course. But IMO, the GDPR faces the following challenges:
A culture of hostility from businesses. I canât remember any other legal requirements routinely positioned as âkilling innovationâ. For example, itâs rare to see tax laws ridiculed in the same way.
Technical limitations - many businesses struggle with implementation across national borders, and with vast, fluid data sets within their organization, itâs hard for them to implement a technical solution.
Lack of enforcement from DPAs. Despite significant name cases attracting news headlines and increasing fines in the past year. Iâve heard of many open investigations.
So far, the failure to entirely shift the view that privacy and compliance can be a business enabler.
So, in short, we are moving in the right direction. But thereâs still a lot of work to be done. Hereâs to the next four years!
Twitterâs turn in the spotlight
Step aside, Google. Itâs Twitterâs turn to get a nasty slap on the wrist. This week, the tech company was hit with a $150 million fine for misusing phone numbers and emails in its ad targeting solutions.
The data was collected for security reasons. Even Elon Musk chimed in on the news:

Itâs unclear whether this was simply a mistake. As we mentioned with Google last week, these fines are great examples to check our governance and compliance implementation at our own organizations.
EU at the forefront of a global data privacy agreement
It seems that the EU is highlighting the need for a global data privacy agreement.
According to the Wall Street Journal, European Data Protection Supervisor Wojciech WiewiĂłrowski said, âThere is a need for more world-wide convergence.â around global privacy laws. Whilst other European officials recently said that Russiaâs invasion of Ukraine highlights the need for a âglobal data privacy agreementâ.
Separately, During a Washington, D.C., visit this week, a delegation of seven members of the European Parliamentâs Civil Liberties Committee met with legislative and administrative leaders.
Committee Chair Juan Fernando LĂłpez Aguilar said Parliament âwants a robust, effective and data protection compliant system for international data flows that provide the adequate level of data protection for EU citizens.â
Weâll continue to monitor this as it develops, but there are a number of barriers to a global solution. For now, the need to protect personal data as it flows between regions and jurisdictions isnât going away.
Notable links:
DuckDuckGo allegedly has a tracking deal with Microsoft. This is a potential disaster from the âprivacy-firstâ browser.
I tried not to take too much of a walk along memory lane with the GDPR content above. But for those interested in a touch of lighter reading around that fateful GDPR day, check this out.