On December 15, the Civil Liberties Committee (LIBE) of the European Parliament issued a press release announcing a provisional political agreement between the European Parliament and Council negotiators on the texts of both the General Data Protection Regulation and the Police & Judicial Cooperation Data Protection Directive. Formal approval by the Council is expected shortly and by the European Parliament in early 2016, after which the legislation will be published in the Official Journal. The new provisions will apply two years later, in the first quarter of 2018.
One Stop Shop
Dispute resolution mechanisms for SAs and individuals are key part of proposed EU regulation
This is Part 5 — the final part — of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without an EU establishment. In Part 3 we considered the competency of supervisory authorities (SAs), the cooperation obligations in relation to SAs and the functions of the European Data Protection Board (EDPB). In Part 4 we discussed the consistency mechanism applicable to supervisory authorities. In this Part we look at the application of sanctions by the lead SA across the EU, disagreements between SAs, complaints and litigation for affected data subjects, the application of foreign laws by the lead SA, and matters of language and culture.
Application of sanctions by lead SA across the EU
A Council debate note of 26 May 2014 flagged that at least one EU Member State had raised constitutional problems regarding the legal effect of applying measures decided by the lead SA in other EU Member States.
The Italian Presidency of the Council has addressed these concerns by clarifying that the lead SA would be competent in applying its supervisory powers, deciding on the case and directing the decision, on its own territory, to the main establishment of the controller or processor. It would then be for the data controller or data processor to implement the decision as regards all its establishments in the EU.
EU regulation proposal seeks to encourage consistency in data protection enforcement
This is Part 4 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it …
EU focuses on authority of SAs to enforce “One Stop Shop,” proposes a replacement for WP29
This is Part 3 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it…
EU’s “One Stop Shop” Proposal Focuses on “Main Establishment” as Nexus of DPA Enforcement Authority
This is Part 2 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it …
EU Proposes “One Stop Shop” for Data Protection Supervision and Enforcement
This is Part 1 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation.
The Council of the European Union (the Council) has recently published a partial general agreement on its…