EU – EDPB announces commitment to enhanced enforcement cooperation between DPAs
03 May 2022
On 29 April 2022, the European Data Protection Board (EDPB) announced that data protection supervisory authorities in the EU (DPAs) had reiterated their commitment to cross-border cooperation and agreed to take specific steps to ensure that strategic cases receive proper attention and result in swift and uniform enforcement. The EDPB issued a statement where it clarified the steps agreed by the DPAs, which include the following:
DPAs will collectively identify cross-border cases of strategic importance; such cases will be prioritised and supported by the EDPB. The statement includes quantitative and qualitative criteria for identifying strategic cases (e.g. cases affecting a large number of data subjects in the EEA, cases dealing with a structural or recurring problem in several member states, and cases related to the intersection of data protection with other legal areas).
The EDPB, under the direction of the lead DPA, will draw-up an action plan, with clear action points and timelines, and will facilitate early and sustained sharing of all relevant information aiming at rapid informal consensus building.
- DPAs may join forces on investigation and enforcement activities; where needed, an EDPB Task force can be created. Joint investigations under Art. 62 GDPR will be carried out, where possible, by a limited number of DPAs to increase efficiency.
- National enforcement strategies of DPAs will be aligned to agree on annual enforcement priorities at the EDPB level and DPAs may agree on a common enforcement framework, including common instruments for inspections, for this purpose.
- The EDPB will propose a template for data subjects’ complaints, to be used by DPAs on a voluntary basis.
- The EDPB will identify a list of procedural aspects that could be further harmonised to maximise the positive impact of GDPR cooperation and collect best practices on the interpretation of national procedural law in a way that ensures a more effective application of the GDPR.
The EDPB will also look into embedding the GDPR and the role of the DPAs in the overall regulatory architecture that is being developed for the digital market, including the proposed Data Act, Digital Markets Act, Digital Services Act, Artificial Intelligence Regulation and Data Governance Act.