The European Commission has proposed changes to the GDPR aimed at enhancing cooperation between Data Protection Authorities (DPAs) working on cross-border enforcement.
The rule is the result of a “list of wishes” sent to the European Commission in October 2022 by the European Data Protection Board (EDPB), which runs the dispute resolution process when the DPA cannot agree on how to proceed.
It was the most high-profile event earlier this year, when the Irish DPA disagreed with other national authorities over a case against Meta, ultimately leading to a record €1.2 billion ($1.3 billion) fine. .
Read more about the GDPR lawsuit: WhatsApp fined €5.5 million for GDPR violations
The GDPR has a “one-stop-shop” rule, where the leading DPA is chosen depending on the EU member state in which the entity under investigation is based.
However, with most of the major US tech companies headquartered in Ireland, some of the most high-profile cross-border lawsuits have led to conflicts between the Irish Data Protection Commission (DPC) and other domestic DPAs. There is tension between them.
Since the GDPR came into force, over 2,000 one-stop-shop cases have been created in the EDPB’s case register.
The Commission’s new proposal aims to harmonize procedural rules to improve co-operation and decision-making consistency among DPAs. they do the following:
- Establish a common right to a hearing when complainants are dismissed in whole or in part
- Provide the party being investigated the right to be heard at key stages of the proceedings, such as during EDPB dispute resolution
- Enhancing the DPA’s influence on cross-border cases by enabling the DPA to provide input, conduct joint investigations, and provide “mutual assistance” early in an investigation, and reach agreements early in the investigation. can be formed to reduce subsequent disagreements.
“While independent authorities are making great efforts, the time has come to enable us to act in a more rapid and decisive manner. In serious cases that could come out,” argued Vera Zoulova, the European Commission’s Vice-President for Values and Transparency.
“Our proposal ensures smooth cooperation between data protection authorities, supports stronger enforcement and lays out rules to the benefit of both citizens and businesses.”
Sonia Cissé, TMT/IP partner at Linklaters, argued that businesses need to rest assured that GDPR remains flexible.
“This new draft GDPR implementation law puts data subjects back at the center and gives them the opportunity to be more involved in the complaints process,” she added.
“This is clearly consistent with the principles set out in the latest drafts and regulations: giving individuals back control over their data and the means to protect themselves from the excesses seen in the digital realm. is.”
