When the European Union put the General Data Protection Regulation (GDPR) into force nearly three years ago, the expectation was Europe’s then-28-member bloc would enforce data protection in the same way. Such hopes now look premature.
Notwithstanding disagreements between different data protection authorities (DPAs) about how punitively they should enforce the GDPR, it now appears some jurisdictions have found local laws can either take priority or overrule it altogether.
