Concept 14: Clear deadlines, especially for LSAs
Currently most clear deadlines only apply to CSAs and the EDPB, leaving the LSA with very open deadlines like “without delay”. This leads to some LSAs taking up to four years to reach a “draft decision”, more than three years to even open an investigation, or taking more than half a year to e.g. trigger the Article 65 procedure after reasoned objections arrived. These loopholes need to be fixed to ensure that LSAs cannot undermine procedures just by delaying them. The fact that LSAs cannot be held to account for delays is also problematic for CSAs that must adhere to maximum durations for procedures nationally.
While the short deadlines of two or four weeks in Article 60 GDPR have proven to be unrealistic, a comparison by the EDPB largely found that SAs have to decide within three, six or twelve months in many Member States. These durations could be the baseline for deadlines in the Regulation. An option to prolong deadlines in cases of force majeure or in very complex cases (see above for the differentiation of minor/normal/major cases) could allow for necessary flexibility.