From the list of issues, we have derived sixteen “core concepts”, which can provide solutions via high-level principles and rules.

Ideally, these concepts should be abstract enough to capture many problems, with a simple rule or principle that can be included in various provisions throughout the new Regulation.

When developing these principles, we have actively considered existing mechanisms in EU law, such as instruments in procedural rules, which seem to have many common features with GDPR procedures.

Concept 11: Defining minimal requirements for decisions

Given that the “looser’s SA” is in charge of issuing a decision under Article 60(7) to (9), it is unclear at the outset of a (complaints) procedure, which SA will have to issue the final decision. This can lead to the filing CSA in Member State A having to issue a decision that the LSA in Member State B has drafted, under the procedural law of Member State B.

I would be necessary that a decision has common minimal standards that are also accepted through the EU. Currently CSAs simply “forward” the LSA decision as it is; sometimes only as an auto translation, with no comment, information on appeals and alike.

This also means that an appeals court in the CSA’s Member State A may have to overturn the decision simply because the LSA in Member State B has not followed the CSA  Member State A’s procedural requirements and the CSA was not allowed to rewrite the decision.

Minimum standards would allow the free flow of decisions that fulfill minimal requirements (see next concept), which would be similar to the Brussels-Regulations for civil law decisions.


  • A uniform minimum standard would ensure the free flow of decisions in the Union.
  • There seems to be hardly any conflict with national law when SAs have to add some elements to decisions to fulfill these minimal requirements.
  • These minimal requirements would only have to be fulfilled if the decision is actually to be issued in another Member State than the LSA (so in cases under Article 60(8) and (9) GDPR), or when SAs are envisaging European enforcement.


  • There may be the need to apply the national requirements for decisions in parallel with the requirements under the Regulation.