Effective procedure – challenging the scope of the investigation as determined by the LSA
Article(s) involved (national, EU, or other): Article 60(3) GDPR
Problem
Many responsibilities rest upon the LSA in the context of the OSS mechanism, and in particular deciding on the scope of the investigation itself (i.e. which potential breaches are being investigated). Later in the procedure, the CSAs can only share their reasoned objections on the draft decision communicated by the LSA within that scope. It is too late to ask the LSA to extend the scope of the investigation to other potential breaches. Some SAs are even not allowed due to their national procedural laws to extend the scope of their investigation after a draft decision is shared (see e.g., Belgium).
Ideal Solution
Before submitting a draft decision on the merits of the complaint, the LSA should first consult and agree with CSAs on the scope of the investigation itself.
Proposed Solution
Concepts 3 and 5 address this issue.