|
|
|
|
|
|
by AndyMcConachie
2158 days ago
|
|
|
The achilles heel of the GDPR is that you must act through a DPA. In the case of the Shrems he had to basically sue the Irish GPA in order for them to do their job. And instead of actually doing their job, the Irish DPA instead fought Shrems on behalf of Facebook. As an EU citizen and resident, it's abundantly clear to me that getting a DPA to act in my best interest is mostly hopeless. I'm reminded of the CANSPAM Act where a US citizen can send their spam to the FTC and have them investigate it. Only they never will. All spam sent to the FTC just goes into blackhole, and next to no one is ever prosecuted. Even when it's clear who the spammer is. I don't think many people realize this fact. That a politically motivated entity controls European's access to privacy restitution, and they're rarely motivated to actually do anything. This makes the GDPR is my eyes primarily a joke. It certainly isn't about securing my rights as an EU citizen. It seems more written to benefit lawyers and others who make money because things are complicated. If the EU actually cared about my privacy rights they would allow all Europeans access to restitution without mediating it through national agencies. I want to be able to hire a lawyer and directly take abusive firms to court over GDPR violations. I shouldn't have to act via some pre-court mediator who gets to arbitrarily determine if my claims have merit. |
|
|
> Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
> Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.