Privacy regulators say the system benefits companies, freeing them from facing investigations by different authorities in the 27-member union, potentially for the same violation.
While the GDPR’s one-stop shop was designed to streamline interactions between companies and regulators, it has caused bottlenecks and frustration. The Irish regulator’s decision to fineTwitter Inc. €450,000 ($546,000) in December was delayed several months because of disputes with regulators in other EU countries, which wanted a larger penalty. The Hamburg authority, for instance, recommended a fine between €7 million and €22 million. The violation was related to a security hole that Twitter disclosed in January 2019.
With its lawsuit, the Consumentenbond wants the Netherlands court system to require the local data protection authority to investigate a privacy complaint filed in 2018 against Google. The complaint alleges that