That's a very far cry from the claim that the EU serves at the pleasure of US megacompanies, in fact it documents the opposite: the US megacompanies try everything they can to game the system but end up being fined by the EU in amounts that definitely move the needle. The GDPR is EU law, not country law.
Whether member states are able to act effectively with companies playing both ends against the middle is another matter entirely and is exactly why the EU is serving its purpose: it forces the whole to act as a bloc rather than as individual states that you can drive wedges between, of course that won't stop parties from trying.
EU anti-trust and EU privacy law has so far served its purpose very well and if they really were in the pocket of big tech I am pretty sure I would have noticed.
google analytics has been deemed illegal by several EU countries, both the data regulators but also courts.
whats happening? where is the EU fining companies and users(companies) left and right?
the safe harbour/privacy shield agreements were invalidated by EU courts, yet data transfer happens in amounts that are unchanged, where is EU? nothing has changed. the EU ignores everything here because they dare not do anything to upset these US megacompanies. Sure, a fine here and there, doesnt change anything.
Yes that's why I said I agree with your overall point.
But laws such as GDPR are only as good as their enforcement. It would be better if there was a European privacy regulator directly under the EU instead of big tech being able to cherry pick the country that gets to supervise them.
But no the EU is not serving the US big tech industry no. I'm just remarking that the system isn't perfect and there doesn't seem to be a whole lot of drive to improve it.
So far most of the rulings have followed the pattern predicted before the GDPR was enacted, and the fines have been rising steadily for repeat offenders.
FB is asking to be made into an example. And yes, you are right, an EU privacy regulator would be good to have but the EDPB is doing a reasonably good job of supervising the member states so far and as the law becomes more settled (and respected) I would expect differences between countries to be leveled. Time will tell.
When the GDPR was rolled out, the message was very clear: our goal is compliance, not maximum fines. So first someone has to complain. Then they investigate. If things are not OK, you first get a warning, and if you get your act together, all is good. If you don't, you get a fine, and the fines will escalate.
So it takes a bit, by design and intention. But it will get there, and 4% of global revenue is nothing to sneeze at...
Whether member states are able to act effectively with companies playing both ends against the middle is another matter entirely and is exactly why the EU is serving its purpose: it forces the whole to act as a bloc rather than as individual states that you can drive wedges between, of course that won't stop parties from trying.
EU anti-trust and EU privacy law has so far served its purpose very well and if they really were in the pocket of big tech I am pretty sure I would have noticed.