The European Commission has proposed changes to the GDPR intended to improve cooperation between Data Protection Authorities (DPAs) working on enforcement in cross-border cases.
The rules are the outcome of an October 2022 “wish list” sent to the Commission by the European Data Protection Board (EDPB), which operates a dispute resolution process when DPAs can’t agree on a way forward.
That happened most famously earlier this year, when the Irish DPA disagreed with other national authorities about a case against Meta which ultimately led to a record €1.2bn ($1.3bn) fine.
Read more about GDPR cases: WhatsApp Hit with €5.5m fine for GDPR Violations
The GDPR has a “one stop shop” rule whereby the lead DPA is selected according to the EU country in which the entity under investigation is based.
However, with most US tech giants headquartered in Ireland, some of the highest-profile cross-border cases have created tension between the Irish Data Protection Commission (DPC) and other national DPAs.
Since the GDPR came into force, over 2000 one-stop-shop cases have been created in the EDPB’s case register.
The European Commission’s new proposals are designed to harmonize procedural rules to improve cooperation between DPAs and consistency of decision making. They will:
- Establish common rights for complainants to be heard in cases where their complaints are fully or partially rejected
- Provide parties under investigation with the right to be heard at key stages in the procedure, including during EDPB dispute resolution
- Enable DPAs to provide their views early on in investigations, conduct joint investigations and provide “mutual assistance,” thus enhancing their influence over cross-border cases, building consensus early in investigations and reducing later disagreements
“While the independent authorities are doing a tremendous work, it’s time to ensure we can operate faster and in a more decisive way. Especially in serious cases in which one violation may have many victims across the EU,” argued Commission vice president for values and transparency, Věra Jourová.
“Our proposal lays down rules to guarantee smooth cooperation among data protection authorities, supporting more vigorous enforcement, to the benefit of the people and businesses alike.”
Credit: Source link
Comments are closed.