The European Commission has put forward a proposal for a new regulation aimed at strengthening the enforcement of the General Data Protection Regulation (GDPR) in cross-border cases. The regulation seeks to streamline cooperation between data protection authorities (DPAs) when dealing with cases that impact individuals in multiple EU Member States.
The proposed regulation introduces concrete procedural rules for DPAs, ensuring a smoother and more efficient application of the GDPR. One key provision is the obligation for the lead Data Protection Authority to share a summary of key issues with relevant counterparts, enabling early collaboration and reducing disagreements among authorities.
For individuals, the new rules provide clarity on the complaint submission process and guarantee their involvement throughout the investigation. Businesses will benefit from clarified due process rights when facing a DPA investigation, leading to swifter case resolution and increased legal certainty.
The regulation also harmonizes procedural rules in various areas, such as the rights of complainants and parties under investigation, and streamlines cooperation and dispute resolution between DPAs. These measures aim to enhance efficiency, facilitate early consensus-building, and ensure timely completion of investigations.
The proposal is based on input from various stakeholders, including the European Data Protection Board (EDPB), civil society organizations, businesses, academia, and legal practitioners. The Commission conducted a call for evidence and engaged in bilateral meetings to gather feedback before formulating the regulation.
The GDPR has proven effective since its implementation, with over 2,000 cross-border cases registered and 711 final decisions made by the EDPB. The regulation has resulted in significant fines for non-compliance. The Commission’s next report on the application of the GDPR is expected in 2024.
The new regulation aims to address procedural differences among DPAs, which have hindered the smooth functioning of cooperation and dispute resolution mechanisms. By harmonizing procedural aspects, the proposal seeks to strengthen cooperation, deliver swift remedies for individuals, and further enhance the GDPR’s enforcement system.
The proposal will now undergo further evaluation and potential amendments by the European Parliament and Council before becoming law.
https://ec.europa.eu/commission/presscorner/detail/en/IP_23_3609