Giovani Buttarelli, European Union’s Protection Supervisor and GDPR

Updated: Apr 13, 2020

Giovanni Buttarelli, the protection supervisor of the European Union, pointed out how results can be seen outside of Europe after countries see the benefits of GDPR. For example the 72-hr breach notification requirement and how it made an impact in the field of politics outside of Europe like California’s new privacy law.

Buttarelli is to publish a manifesto for the following GDPR projects which is in collaboration with the privacy supervisors of Europe and antitrust regulators.

The antitrust chief of the commission of, Margarethe Vestager, will be giving a keynote speech at the annual privacy commissioner’s conference held in Brussels with Buttarelli as co-host. Vestager is no stranger to taking on big tech companies such as Google fining them twice for the android fiasco. An example of two separate entities working together for a common concern – privacy.

One good example of this is Germany’s Federal Caetel Office who accused Facebook of taking advantage of its power to force its users to hand over data, the French Competition Authority is also probing the online ad market from Facebook and Google wherein a lot of problematic behaviours could be observed.

Harmful traditional competition law theories would require revision to conform to the anticompetitive conduct, specifically on removing the unfair competitive advantage when it comes to data holdings when mismatched. The antitrust regulators are now paying closer attention to big data and how data advantages can exclude and exploit.

Vestager has been very open to the public about her concerns on major tech platforms and the big data they acquire with her statement, “If a company’s use of data is so bad for the competition that it outweighs the benefits, we may have to step in to restore a level playing field.”

Buttarelli believes that EU privacy regulators will have more information if they support the investigations of the antitrust people. Buttarelli believes that the entire continent is united not only in data protection but with the digital dividend and monopoly as well.

He also admitted that the competition law will require an ample amount of time in determining the competitive harms but he promised the implementation of the reinforcements will not be a 12-year wait.

The European Data Protection Board are the ones in charge of implementing the GDPR on various platforms and is determined to provide immediate results.

There have already been thousands of complaints coming from the consumers since the privacy regime began and GDPR is giving proper enforcements through bigger fines to guarantee that companies will be disciplined and not turn a blind eye.

The recent commotions that Facebook faced according to them were expected for the company along with other tech giants are not investing enough money for their security and is in fact, relatively low compared to the other aspects of their businesses.

He also pointed out how most companies are relying on consent as a legal aspect in collecting the data of their users rather than giving them the choice to give their information or not.

An example of this is Facebook not giving its users the freedom to exclude themselves from targeted advertising and said how users can always choose to stop using Facebook should they disagree which is quite ironic for a company who claims to be compliant to GDPR.

Furthermore, he said that if having consent is inevitable, it should be written in an easier language that everyone can understand and should be free without blackmailing its users.

This will then put the complaints filed by Max Schrems who is a veteran European Data Protection Campaigner into perspective. A point of view on forced consent and how this creates an unfair disadvantage to smaller companies who don’t have as much power.

He also pointed out how there is now an observable trend among these complaints particularly on but not limited to: social media; big data breaches; rights like the right of access to information held; right to erasure.

His conviction when it comes to fines can be observed with the Cambridge Analytica fiasco and intended to fine Facebook with the maximum fine possible but was unfortunately rebuked due to it being during a time before GDPR which wouldn’t have happened should it happen now in the GDPR era.

According to article 83 of GDPR, penalties should be “effective, proportionate and dissuasive” and factors categorizing it into either an intentional or a negligent factor.

Organizations can also be required to change their processes and priorities to depending on what the EU regulators and Buttarelli sees fit as an additional safeguard.

Theoretically, GPDR could force the social network giant, and even other companies and potential violators for that matter, to reshape their business model.

This is why the data protection supervisor is pushing to innovate and debate data ethics to be able to support efforts to bring markets and business to a more humanitarian direction.