<https://www.politico.eu/article/we-have-a-huge-problem-european-regulator-de...> More than 18 months after the European Union began implementing the world’s toughest privacy law, the bloc's ability to rein in Big Tech is increasingly in doubt amid growing frustration over a lack of enforcement actions and weak cooperation on investigations. Passed in May 2018, the General Data Protection Regulation (GDPR) was largely viewed as a model for the United States and other nations struggling to find effective limits on data collection by technology companies. There was little doubt that, given the breadth of the law and the many suspected violations by global tech firms, there would soon be heavy fines or, at least, sanctions that would force Big Tech to change its operating methods. But that promise has not been fulfilled. Aside from a €50 million fine <https://www.politico.eu/article/france-hits-google-with-e50-million-fine-for...> that France's privacy regulator imposed on Google in January, there have been no fines or remedies levied at a U.S. giant since the GDPR came into effect. And the two nations most directly responsible for policing the tech sector — Ireland and Luxembourg, where the largest tech firms have their European headquarters — have yet to wrap up a single investigation of any magnitude concerning a U.S. firm. Now the Irish regulator which oversees Google, Facebook, Microsoft and Twitter, among other giants, says that its first decision will not be delivered until early next year, adding to previous delays. Probes take time because Europe's law is untested and cases need to stand up to the scrutiny of all 28 EU nations, as well as in national court. Ireland and Luxembourg have faced special scrutiny because so many U.S. tech companies have set up shop in those tiny nations, which have actively courted them thanks to a mix of low corporate tax rates and business-friendly regulation. Those close relationships have created a strong degree of economic dependency, particularly in the Irish case <https://www.politico.eu/interactive/ireland-blocks-the-world-on-data-privacy...>, which raises questions as to whether these countries are best suited to regulating Big Tech. Now, regulators in other countries are speaking out about their doubts. Hamburg's data protection authority says that the current “one-stop-shop” system, in which many major investigations are carried out by authorities in Dublin or Luxembourg, creates serious bottlenecks and an "unsatisfactory" situation for millions of web users. "After nearly one and a half year we must concede that we have a huge problem with the enforcement of cross border processing especially by globally acting companies," a spokesperson for the authority, one of 16 in Germany, told POLITICO, referring to cases that concern web users in more than one country. “It is absolutely unsatisfactory to see that the biggest alleged data protection violations of the last 15 months with millions of individuals [concerned] are far away from being sanctioned." Luxembourg’s regulator declined numerous requests for comment. Irish privacy chief Helen Dixon insisted in an interview that the delays have to do with the complexity of enforcing a new law. [...]