On 25 April 2023, the EU Data Protection Supervisor (EDPS) published its contribution in response to the European Commission’s public consultation – “Further specifying procedural rules relating to the enforcement of the General Data Protection Regulation”. In addition to the need for effective, efficient cooperation in cross-border cases, involving Member States’ Data Protection Authorities (DPAs), the EDPS addressed the same needs in circumstance where the data flows from the Union institutions, bodies, offices, agencies (EUIs, such as the EDPS) to other public bodies and private entities within the European Economic Area (EEA).
Image by Pete Linforth from Pixabay
Practical difficulties of the cooperation between the EDPS and national DPAs
Pursuant to the Regulation (EU) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the EUIs (the EUDPR), the EDPS is the competent supervisory authority for the EUIs’ processing activities. However, the GDPR (Art. 61, 62), governing the cooperation between the national DPAs, does not cover the collaboration between the national Supervisory Authorities (SAs) and the EDPS under the EUDPR. As a result, the EDPS and DPAs cannot use the same tools. Also, there are no precise provisions or mechanisms governing the cooperation between DPAs and EDPS.
EDPS’ proposals to the Commission
It insisted that the procedural harmonisation will not be the correct solution to all structural issues relating to the GDPR’s one-stop-shop mechanism. Therefore, it encouraged the Commission’s current initiative. Then, it proposed two short-term specific measures as follows:
- For the forthcoming initiative, it should integrate a specific provision confirming that (i) all DPAs must cooperate actively to ensure effective supervision and consistent enforcement of all the Union’s data protection rules – (ii) under Art. 61, 62, 64(2), and 66(3) GDPR, Art. 50 Law Enforcement Directive (LED) as well as Art. 61, 62 EUDPR, (iii) the EDPS should be considered as the supervisory authority for the national DPAs’ cooperation (Chapter VII EUDPR) within the meaning of Chapter VII GDPR and Chapter VII LED
- Article 11 of Regulation (EU) No 1024/2012 of 25 October 2012 on administrative cooperation through the Internal Market Information System and repealing Commission Decision 2008/49/EC (‘the IMI Regulation’), the Annex of the IMI Regulation should add a reference to the EUDPR, allowing the DPAs to use the same communication tools amongst them to cooperate with the EDPS.
For more news about data protection on AstraIA Gear: https://www.astraiagear.com/category/data/
For more short news, follow our Page on LinkedIn, cheers!