The European Commission is proposing a new law to streamline cooperation between data protection authorities (DPAs) when enforcing the General Data Protection Regulation (GDPR) in cross-border cases.

The new regulation will establish specific procedural rules for authorities when they apply the GDPR to cases involving natural persons located in more than one Member State.

For example, will introduce an obligation for the chief data protection authority to send a ‘summary of key issues’ to their respective authoritiesin which it will identify the main elements of the investigation and its views on the case and, therefore, the possibility will be given to the authorities in question to express their views in a timely manner.

The proposal will help reduce disputes and facilitate consensus between authorities from the early stages of the process.

The new rules will clarify what should be included in complaints made by natural persons and ensure that natural persons are properly involved in the process. They will also clarify businesses’ due process rights when a DPA investigates a potential GDPR violation. The rules will therefore lead to faster settlement of cases, which means faster legal protection for individuals and greater legal certainty for businesses. As far as data protection authorities are concerned, the new rules will streamline cooperation and enhance the effectiveness of law enforcement.

– Harmonization of procedural rules in cross-border cases –

The new regulation provides detailed rules to support the smooth functioning of the cooperation and coherence mechanism established with the GDPR, harmonizing the rules in the following areas:

– Rights of complainants: The proposal harmonises the requirements for a cross-border complaint to be admissible, removing existing obstacles arising from the fact that DPAs follow different rules. Establishes common hearing rights for complainants in cases where their complaints are rejected in whole or in part. In cases where a complaint is investigated, the proposal lays down rules for the proper participation of complainants.

– Rights of researched parties (controllers and processors): The proposal gives researched parties the right to be heard at key stages of the process, including in dispute resolution by the European Data Protection Board (EDPB), and clarifies the content of the administrative file and the access rights of the parties to this file.

– Streamlining cooperation and dispute resolution: Under the proposal, DPOs will be able to provide their views at an early stage of investigations and make use of all the cooperation tools provided by the GDPR, such as joint investigations and mutual assistance. These provisions will strengthen the influence of DPAs in cross-border cases, facilitate consent at an early stage of investigation and reduce later disputes. The proposal lays down detailed rules to facilitate the swift completion of the GDPR’s dispute resolution mechanism and provides for common deadlines for cross-border cooperation and dispute resolution.

The harmonization of these procedural aspects will support the timely completion of investigations and the speedy provision of legal protection to natural persons.