The European Commission will propose a new law before the summer that’s aimed at improving how EU countries’ privacy regulators enforce the GDPR. This from a page on its website indicating the plan. The new EU regulation expected in the second quarter of 2023 wants to set clear procedural rules for national data protection authorities dealing with cross-border investigations and infringements. The law “will harmonize some aspects of the administrative procedure” in cross-border cases and ” support a smooth functioning of the GDPR cooperation and dispute resolution mechanisms,” the Commission wrote.
The Commission wants to keep the upcoming regulation very targeted and limited — partly because it is bracing for tense discussions with data privacy watchdogs, campaigners, and Big Tech lobbyists.
This is pulling generously from Politico EU.
Why do we care?
GDPR is a big deal – even if you’re an American company. The Europeans reexamining the law, using their scalpel to find ways to make progress on enforcement and smooth out the process, is the next logical step.
Compare and contrast to the US. While privacy laws were discussed, they died in the last Congress… and that chatter is all silenced. And if you wonder why it matters here, any sizeable multinational company – you know, everyone doing SaaS – is going to build once and deploy everywhere so that it will be GDPR compliant. Americans will get all the downside with none of the upside. And that’s why we care.