The European Commission (EC) recently launched a public consultation on the enforcement of the General Data Protection Regulation (GDPR) and started its initiative to further procedural rules relating to the enforcement of the GDPR.
Bitkom is thankful for the opportunity to contribute to the consultation and welcomes future occasions to offer its expertise in open discussions.
We welcome the EC’s initiative intended to streamline cooperation between DPAs when enforcing the GDPR in cross-border cases, and to harmonize certain procedural aspects applied by DPAs in cross-border cases. We view this an opportunity for a broader conversation on how to improve GDPR enforcement. We believe that the following points could have a significant positive impact in how fundamental privacy rights of Europeans are preserved while ensuring legal certainty:
In our view, it is overdue for the EC to address the fact that the consistency mechanism does not function sufficiently in practice. It should have already done so - also due to the "voices" from the EDPB - in the context of the evaluation of the GDPR.
The current enforcement practice and missing harmonization results in competitive disadvantages for companies located in those EU member states where data protection infringements are enforced on the basis of a more restrictive interpretation of the rules.
Coherence and harmonization on the basis of a progressive, innovation-friendly and data-use-friendly interpretation of the GDPR rules in line with new Regulation (e.g. the EU Data Act) should therefore be the main priority for the current review.
Harmonized interpretation (and therefore enforcement) is especially needed in the context of special categories of data where the lack of harmonization and a very restrictive understanding has led to serious disadvantages in some countries. In the interest of a functioning internal market, technological advancements, much needed research (esp. when it comes to health data) and the goal of the EC to support Data Spaces, DPAs, regulators and Industry need to find a new approach for consensus and dialogue to advance the Data Economy while preserving fundamental rights.
And while we consider that improving cooperation between national DPAs when enforcing GDPR in cross-border cases is essential to ensure a harmonized and thus efficient and effective enforcement, we would like to also draw the attention of the EC to the importance of considering other dimensions of the GDPR enforcement mechanism in addition to Article 63 GDPR.
Our detailed Position Paper can be downloaded below.