Effective procedure – differences in confidentiality requirements among SAs

Article(s) involved (national, EU, or other):

Problem

In theory, confidentiality requirements could hinder SAs to exchange relevant information in the IMI system with other SAs or the EDPB. The Lux SA, for instance, shall only be authorized to share information with these authorities on the condition that these authorities, bodies and persons are covered by an obligation of professional secrecy equivalent to that cited in their own national GDPR implementation act.

Ideal Solution

The regulation should ensure that SAs are not subject to confidentiality constraints to exchange information between SAs and between SAs and the EDPB, since all of them are already subject to confidentiality obligations under the GDPR, which are enough to support the exchange of information in full confidence. .

Proposed Solution

Concepts 2 should take care of the matter. EU law on commercially sensitive matters are alreadyl unifying the protections.

Reference to specific noyb cases:

See Meta “forced consent” cases in Ireland where we understand that DPC refused to share information with other SAs.

We see a wider trend to counter the transparency obligations under the GDPR with alleged “confidentiality” of any submission, legal argument or fact. Controllers seem to misuse valid arguments for protections to undermine fair procedures and party rights.

This does nto make any sense, since once appeald before the court, all submissions and relevant documents of the administrative file will be shared with all parties under the rules applicable to judicial proceedings.