Photo: https://pixabay.com/

Data protection rules as a trust-enabler in the EU and beyond – taking stock

30 July 2019
Knowledge Base

The General Data Protection Regulation (hereafter ‘the Regulation’) applies across the European Union since over one year. It is at the centre of a coherent and modernised EU data protection landscape that also includes the Data Protection Law Enforcement Directive and the Data Protection Regulation for EU institutions and bodies. This framework is to be completed by the e-Privacy Regulation which is currently in the legislative process.

On the basis of information available to date and the dialogue with stakeholders, the Commission’s preliminary assessment is that the first year of application of the Regulation has been overall positive. Nevertheless, as shown in this Communication, further progress is necessary in a number of areas.

Implementing and complementing the legal framework:

  • The three Member States which have not yet updated their national data protection lawmust do so as a matter of urgency. All Member States should complete the alignment of their sectoral legislation with the requirements of the Regulation.
  • The Commission will use all the tools at its disposal, including infringement procedures, to ensure that Member States comply with the Regulation and limit any fragmentation of the data protection framework.

Making the new governance system deliver its full potential:

  • Member States should allocate sufficient human, financial and technical resources to national data protection authorities.
  • The data protection authorities should step up their cooperation, for instance by conducting joint investigations. Member States should facilitate the conduct of such investigations.
  • The Board should further develop an EU data protection culture and make full use of the tools provided for in the Regulation to ensure a harmonised application of the rules. It should continue its work on guidelines, especially for small and medium size enterprises.
  • The expertise of the Board’s secretariat should be strengthened to support and lead the work of the Board more effectively.
  • The Commission will continue to support data protection authorities and the Board, in particular by actively participating in the work of the Board and calling its attention to the requirements of EU law in the course of the implementation of the Regulation.
  • The Commission will support the interaction between data protection authorities and other authorities, notably from the competition area in full respect of their respective competencies.

Supporting and involving stakeholders:

  • The Board should enhance the way it involves stakeholders in its work. The Commission will continue its financial support to data protection authorities to help them reach out to stakeholders.
  • The Commission will continue its awareness-raising activities and its work with stakeholders.

Promoting international convergence:

  • The Commission will further intensify its dialogue on adequacy with qualifying key partners, including in the area of law enforcement. In particular, it aims to conclude the ongoing negotiations with South Korea in the coming months. It will report in 2020 on the review of the 11 adequacy decisions adopted under the Data Protection Directive.
  • The Commission will continue its work, including through technical assistance exchange of information and best practices, with countries interested in adopting modern privacy laws and foster cooperation with third countries’ supervisory authorities and regional organisations.
  • The Commission will engage with multilateral and regional organisations to promote high data protection standards as a trade enabler and cooperation facilitator (e.g. under the ‘Data Free Flow with Trust’ initiative launched by Japan in the context of the G20).

The Regulation requires the Commission to report on its implementation in 2020. This will be an opportunity to assess the progress made and whether after two years of application the various components of the new data protection regime are fully operational. To this end, the Commission will engage with the European Parliament, the Council, Member States, the European Data Protection Board, relevant stakeholders and citizens.

Source: https://ec.europa.eu

Leave a Reply

Your email address will not be published. Required fields are marked *