HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.
HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

EU Explores Making GDPR Apply To EU Government Bodies... But With Much Lower Fines

from the good-for-the-goose,-not-so-good-for-the-gander dept

We recently wrote how various parts of the EU governing bodies were in violation of the GDPR, to which they noted that the GDPR doesn't actually apply to them for "legal reasons." In most of the articles about this, however, EU officials were quick to explain that there would be new similar regulations that did apply to EU governing bodies. Jason Smith at the site Indivigital, who kicked off much of this discussion by discovering loads of personal info on people hosted on EU servers, has a new post up looking at the proposals to apply GDPR-like regulations on the EU governing bodies itself.

There are two interesting points here. First, when this was initially proposed last year, the plan was to have it come into effect on the very same day as the GDPR went into effect: May 25, 2018, and that it was "essential" that the public understand that the EU itself was complying with the same rules as everyone else.

Essential however, from the perspective of the individual, is that the common principles throughout the EU data protection framework be applied consistently irrespective of who happens to be the data controller. It is also essential that the whole framework applies at the same time, that is, in May 2018, deadline for GDPR to be fully applicable.

Guess what didn't happen? Everything in the paragraph above. The EU forced everyone else to comply by May of this year. But gave itself extra time -- time in which it is not complying with the rules and brushing it off as no big deal, while simultaneously telling everyone else that it's easy to comply.

Also, while the GDPR puts incredible fines on those who fail to comply... the fines for if the EU doesn't comply (if this rule ever actually goes into effect) are much more limited. Under the GDPR, companies can be fined 20 million euros or 4% of revenue, whichever is higher, meaning that any smaller company can be put out of business, but the plan for the EU itself is for fines to top out at €50,000 per mistake, with a cap of €500,000 per year.

Must be nice when you're the government and can make different rules for yourself, while mocking anyone who thinks that the rules for everyone else are a bit too aggressive and onerous.

Filed Under: double standards, eu, eu commission, eu parliament, gdpr, high court, low court

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 12 Jun 2018 @ 5:34am

    since when do any rules that apply to everyone else ever apply to the rich, the famous (and their friends) to politicians or, of course, to governments? the way the whole world is being transformed now is into one that is controlled completely by the powerful with absolutely every 'right' being removed from us, the ordinary people! we are being spied on 24/7 and even the slightest of indiscretions are punished far beyond what is just or necessary, but done simply to 'keep us in line'!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown for basic formatting. (HTML is not supported.)
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.