Print

European Commission’s GDPR Review: Stronger European solidarity for the enforcement of the GDPR

24
Jun
2020

European Commission’s GDPR Review: Stronger European solidarity for the enforcement of the GDPR

The EDPS welcomes the European Commission’s General Data Protection Regulation (GDPR) review, published today that assesses the application of the Regulation after two years of experience with it.  

The EDPS agrees with the Commission’s positive evaluation. The GDPR has strengthened the fundamental right to data protection, and contributed to raising awareness about the importance of data privacy, both within the EU and in other parts of the world. 

As mentioned by the Commission’s report, the consistent and efficient enforcement of the GDPR remains a priority. Resources available for the national data protection authorities (DPAs) are sometimes insufficient and there are some discrepancies caused by the different legal frameworks and national procedural laws. In response to these practical constraints, the EDPS believes that solidarity and reinforced cooperation with the European Data Protection Board (EDPB) and other related actors is key. 

Wojciech Wiewiórowski, EDPS, said:We now need a stronger expression of genuine European solidarity, burden sharing and a common approach to ensure the enforcement of our data protection rules. The outstanding success of the GDPR is the combination of many factors but the European data protection authorities’ ability to enforce EU rules is key, in particular if we want to address some harmful data practices by powerful global players. The EDPS stands ready to share its resources and expertise”. 

To accompany DPAs in their work, the EDPS shares the idea of setting up a Support Pool of Experts within the EDPB. This initiative could provide support to DPAs on complex and resource-demanding cases in a genuine expression of European solidarity and burden sharing. 

In correlation with this review, the EDPS will publish its Strategy for 2020-2024 on 30 June, detailing its plan of actions and how we envisage our continued collaboration with the EDPB, other supervisory authorities within the EU and the European institutions and bodies (EUI).

Background information

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in the new Regulation (EU) 2018/1725. These rules replaced those set out in Regulation (EC) No 45/2001 in December 2018.

The EDPS is an increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.

Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council on to serve a five-year term, beginning on 6 December 2019.

Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details, such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).

Processing of personal data: According to Article 4(1) of Regulation (EU) No 679/2016, processing of personal data refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." See the glossary on the EDPS website.

The powers of the EDPS are clearly outlined in Article 58 of Regulation (EU) 2018/1725.

Available languages: English