The European Commission's plans to expedite General Data Protection Regulation (GDPR) cases, particularly involving Big Tech firms, by enhancing collaboration among EU data regulators have been well-received by experts.
The proposed GDPR Procedural Regulation, issued in July, aims to streamline and harmonize procedures between data protection authorities (DPAs) in cross-border cases.
The key objective of the proposed regulation is to facilitate early consensus building and reduce disagreements between DPAs, ultimately minimizing the reliance on the GDPR's Article 65 dispute resolution mechanism. This mechanism involves the European Data Protection Board (EDPB) stepping in to resolve cross-border cases. However, some DPAs and privacy campaigners have raised concerns about EDPB binding decisions, stating that they may lead to enforcement actions and penalties they disagree with.
The new proposal requires a lead DPA to promptly share a summary of key issues with other DPAs during an investigation, allowing them to raise potential objections swiftly. If disagreements persist, the EDPB can adopt an urgent binding resolution to expedite the case resolution process.
Experts have expressed support for the proposal, believing that harmonization among DPAs can improve cross-border investigations. However, some cautioned that the effectiveness of the regulation may depend on the willingness of DPAs to cooperate and agree on enforcement practices.
Mark Weston, head of technology law at Hill Dickinson, described the proposal as "workable and sensible," but also noted that cross-border investigations are not frequent, limiting the number of cases that will test these procedures.
Nick Henderson-Mayo, director of learning and content at VinciWorks, emphasized the critical timing of the proposal, highlighting the importance of consistency to ensure the GDPR's continued effectiveness in protecting citizens' data.
Robert Grosvenor, managing director and data privacy expert at Alvarez & Marsal, welcomed the harmonization efforts, acknowledging the challenges faced by EU DPAs in enforcing GDPR rules against large technology companies. However, he also pointed out that the new procedures still rely on effective cooperation among DPAs.
Lauren Cuyvers, senior managing associate at Sidley Austin, noted that while the proposed regulation aims to harmonize procedural rules across the EU, variations in DPAs' understanding and interpretation of the GDPR may persist and require resolution through existing dispute resolution mechanisms.
The proposed GDPR Procedural Regulation is seen as a step towards strengthening data protection measures and facilitating more efficient investigations. As the consultation on the proposal progresses, stakeholders and industry experts will closely monitor its potential impact on cross-border cases involving major technology companies and the broader GDPR enforcement landscape.
By fLEXI tEAM
Comments