Personvernombud
National data conservation authorities will need to actually respond to complaints, promptly investigate breaches, and actively pursue investigations to enforce the provisions. Many data conservation authorities are poorly resourced, particularly in comparison to large companies, and lack the capacity to play a comprehensive enforcement role. Member states should appropriate appropriate financial and human resources to data protection authorities.
Even with strong enforcement, there are still many structural challenges to achieving the GDPR’s vision of data privacy and control. For one, while the regulation requires consent before association can collect or process data, meaningful informed consent is difficult to achieve without choice. Many broad online services have few real competitors, so users are faced with either consenting to a social network’s terms or missing out on a central component of modern social or professional life. Though the Schrems may force some positive changes, the GDPR doesn’t fully address the chattels of this kind of monopoly power.
In addition, informed co sent will only become more elusive over time as advertising ecosystems become more complex. The EU regulation doesn’t directly challenge ad-driven business models that invite users to business their personal data for free online services like email, social networking, or search engines – all while using that data to create detailed profiles to sell to advertising networks. The mediocre user may consent to data processing without a true understanding of the complexities of how their data will be used, despite the regulation’s demand of clear privacy notices.