Concept 16: Defining GDPR terminology, legal assumptions and deadlines Many elements of the GDPR are not defined, such as “mutual assistance”, “rejection”, or the “dismissal” of a case. The new Regulation could increase legal certainty when applying the GDPR, by using...
Concept 15: Transparency and accountability There are currently very different statistics provided by SAs on how they enforce the GDPR, usually in annual reports. In addition, while some SAs publish all or most decisions (e.g. Spain), others do not publish decisions...
Concept 14: Clear deadlines, especially for LSAs Currently most clear deadlines only apply to CSAs and the EDPB, leaving the LSA with very open deadlines like “without delay”. This leads to some LSAs taking up to four years to reach a “draft decision”, more than three...
Concept 13: European enforcement Currently there is no option for cross-country enforcement under GDPR. Especially for third-country controllers or processors, this means that the SA at the place of the complaint or any ex officio investigation can easily be...
Concept 12: Decisions other than those named in Article 60 GDPR In practice, SAs do not only “dismiss” or “reject” cases, but also have other forms of ending a case, such as “amicable resolutions”, “closing” a case without taking any decision, or the need to end a...
Concept 11: Defining minimal requirements for decisions Given that the “looser’s SA” is in charge of issuing a decision under Article 60(7) to (9), it is unclear at the outset of a (complaints) procedure, which SA will have to issue the final decision. This can lead...