European privacy regulators must enforce European privacy laws more rigorously. Violation of the AVG often has little to no consequences in practice.
This was said by privacy activist Max Schrems in an interview to mark the 20th anniversary of the European privacy regulator EDPS. Schrems is founder and honorary president of none of your business (NOYB), a European nonprofit organization for Digital Rights.
"(...) if you are a big-tech company, or even an average company, it has very little impact if the law is violated," Schrems said. According to him, the law should be strictly enforced. In practice, however, many regulators still appear to focus a lot on education. Companies that violate the AVG do not receive an immediate fine but first receive a warning to stop doing so.
Moreover, some regulators do not publish their decisions, which means that fines or reprimands are not a deterrent. Schrems is also critical of the level of fine amounts. "We know that Sillicon Valley in particular thinks that if you only pay one or two percent a year as a 'privacy tax,' you can just keep going."
Click here for Max Schrems' interview.
