Data protection: Council agrees position on GDPR enforcement rules

The Council of the EU reached an agreement on a common member states’ position on a new law which will improve cooperation between national data protection authorities when they enforce the General Data Protection Regulation (GDPR).

The GDPR requires national data protection authorities, which are responsible for enforcing the GDPR, to cooperate when a data protection case concerns cross-border processing. This is the case for instance when the complainant resides in a different member state than the company under investigation.

Once adopted, the regulation will provide tools to speed up the process of handling cross-border complaints filed by citizens or organizations, and any follow-up investigations. This is notably thanks to the harmonization of the requirements for a cross-border action to be admissible. Wherever in the EU a citizen files a complaint relating to cross-border data processing, the admissibility will be judged based on the same information.

It also clarifies the procedural deadlines and procedural steps of an investigation and for the adoption of a binding opinion by the European Data Protection Board (EDPB), the organization which brings together all national data protection authorities, in case of disagreement between data protection authorities.

More details to be found in the press release of the Council from 13 June 2024.