Article 63 GDPR: Difference between revisions
(5 intermediate revisions by 3 users not shown) | |||
Line 185: | Line 185: | ||
== Legal Text == | == Legal Text == | ||
<br /><center>'''Article 63 - Consistency mechanism'''</center | <br /><center>'''Article 63 - Consistency mechanism'''</center> | ||
In order to contribute to the consistent application of this Regulation throughout the Union, the supervisory authorities shall cooperate with each other and, where relevant, with the Commission, through the consistency mechanism as set out in this Section. | In order to contribute to the consistent application of this Regulation throughout the Union, the supervisory authorities shall cooperate with each other and, where relevant, with the Commission, through the consistency mechanism as set out in this Section. | ||
Line 194: | Line 194: | ||
== Commentary == | == Commentary == | ||
One of the main goals of the GDPR was to solve the problem of having a fragmented system of EU data protection rules, which the DPD had not been able to prevent from happening. In this respect, it was crucial to implement a system which would eventually ensure a consistent interpretation of such rules in the same way. | One of the main goals of the GDPR was to solve the problem of having a fragmented system of EU data protection rules, which the DPD had not been able to prevent from happening. In this respect, it was crucial to implement a system which would eventually ensure a consistent interpretation of such rules in the same way. The GDPR now foresees a consistency mechanism which pursues two main objectives. First, it seeks to “''ensure that all DPAs interpret and apply the GDPR in a consistent, harmonious and uniform manner''”. Second, it assists in solving disputes which may arise ''“either between the DPAs over the course of the one-stop-shop mechanism'' [...], ''or when a DPA disregards or fails to seek the opinion of the EDPB in those cases where it is required by the consistency mechanism''”.<ref>''Van Eecke, Simkus'', in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 63 GDPR, p. 998-999 (Oxford University Press 2020).</ref> The authority tasked with such an important role is the European Data Protection Board (EDPB). The ultimate goal of ensuring consistency in the European data protection system is implemented through the so-called consistency mechanism, which is triggered in three distinct circumstances, as outlined below. | ||
==== A Supervisory Authority Plans to Adopt a Measure which has Effects in Different Member States ==== | |||
First, under Article 64(1) GDPR, the consistency mechanism is triggered when a supervisory authority (“''SA''”) plans to adopt a measure intended to produce legal effects as regards processing operations which substantially affect a significant number of data subjects in several Member States. Examples of these measures are standard data protection clauses referred to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases, the EDPB will issue an opinion on the matter within eight weeks by simple majority. | |||
==== | ==== Any Other Matter of General Application or Producing Effects in different Member States ==== | ||
Any SA, the Chair of the EDPB or the Commission may request that any matter of general application or producing effects in more than one Member State be examined by the EDPB with a view to obtaining an opinion, in particular where a competent SA does not comply with the obligations for mutual assistance in accordance with Article 61 GDPR or for joint operations in accordance with Article 62 GDPR. Also in this case, the EDPB will issue an opinion on the matter within eight weeks by simple majority. | |||
==== | ==== Following a Dispute During the One-stop-shop ==== | ||
This mechanism seems to be directly, though not entirely, related to remedying possible dysfunctions of the one-stop-shop. As analysed above, the one-stop-shop provides specific rules for the management of so-called “''cross-border cases''”. Through these rules, the SAs involved improve cooperation and reduce uncertainty for data subjects and controllers. This mechanism, however, does not prevent a certain SA from abusing its position, for instance by arrogating to itself (wrongly) the role of lead SA or by ignoring relevant and reasoned objections formulated by other SAs. | |||
Precisely to remedy the shortcomings or possible problems of the one-stop-shop, the GDPR foresees specific rules with respect to different types of situations. Article 65 GDPR provides for a dispute-resolution procedure in the event that the SA concerned does not comply with Article 64 GDPR mentioned above or that clarification by the EDPB is required for disputes arising during the one-stop-shop. Article 66 GDPR provides for an urgency procedure when, by virtue of exceptional circumstances, a DPA needs to derogate from the one-stop-shop or the consistency mechanism. | |||
Precisely to remedy the shortcomings or possible problems of the one-stop-shop, the GDPR | |||
In this scenario, the EDPB can issue a decision on how to resolve the aforementioned situations. This decision is legally binding on the SAs concerned. | |||
== Decisions == | == Decisions == | ||
→ You can find all related decisions in [[:Category:Article 63 GDPR]] | → You can find all related decisions in [[:Category:Article 63 GDPR]] | ||
Line 217: | Line 214: | ||
<references /> | <references /> | ||
[[Category:Article 63 GDPR]] [[Category:GDPR]] | [[Category:Article 63 GDPR]] [[Category:GDPR Articles]] |
Latest revision as of 06:55, 29 April 2022
Legal Text
In order to contribute to the consistent application of this Regulation throughout the Union, the supervisory authorities shall cooperate with each other and, where relevant, with the Commission, through the consistency mechanism as set out in this Section.
Relevant Recitals
Commentary
One of the main goals of the GDPR was to solve the problem of having a fragmented system of EU data protection rules, which the DPD had not been able to prevent from happening. In this respect, it was crucial to implement a system which would eventually ensure a consistent interpretation of such rules in the same way. The GDPR now foresees a consistency mechanism which pursues two main objectives. First, it seeks to “ensure that all DPAs interpret and apply the GDPR in a consistent, harmonious and uniform manner”. Second, it assists in solving disputes which may arise “either between the DPAs over the course of the one-stop-shop mechanism [...], or when a DPA disregards or fails to seek the opinion of the EDPB in those cases where it is required by the consistency mechanism”.[1] The authority tasked with such an important role is the European Data Protection Board (EDPB). The ultimate goal of ensuring consistency in the European data protection system is implemented through the so-called consistency mechanism, which is triggered in three distinct circumstances, as outlined below.
A Supervisory Authority Plans to Adopt a Measure which has Effects in Different Member States
First, under Article 64(1) GDPR, the consistency mechanism is triggered when a supervisory authority (“SA”) plans to adopt a measure intended to produce legal effects as regards processing operations which substantially affect a significant number of data subjects in several Member States. Examples of these measures are standard data protection clauses referred to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases, the EDPB will issue an opinion on the matter within eight weeks by simple majority.
Any Other Matter of General Application or Producing Effects in different Member States
Any SA, the Chair of the EDPB or the Commission may request that any matter of general application or producing effects in more than one Member State be examined by the EDPB with a view to obtaining an opinion, in particular where a competent SA does not comply with the obligations for mutual assistance in accordance with Article 61 GDPR or for joint operations in accordance with Article 62 GDPR. Also in this case, the EDPB will issue an opinion on the matter within eight weeks by simple majority.
Following a Dispute During the One-stop-shop
This mechanism seems to be directly, though not entirely, related to remedying possible dysfunctions of the one-stop-shop. As analysed above, the one-stop-shop provides specific rules for the management of so-called “cross-border cases”. Through these rules, the SAs involved improve cooperation and reduce uncertainty for data subjects and controllers. This mechanism, however, does not prevent a certain SA from abusing its position, for instance by arrogating to itself (wrongly) the role of lead SA or by ignoring relevant and reasoned objections formulated by other SAs.
Precisely to remedy the shortcomings or possible problems of the one-stop-shop, the GDPR foresees specific rules with respect to different types of situations. Article 65 GDPR provides for a dispute-resolution procedure in the event that the SA concerned does not comply with Article 64 GDPR mentioned above or that clarification by the EDPB is required for disputes arising during the one-stop-shop. Article 66 GDPR provides for an urgency procedure when, by virtue of exceptional circumstances, a DPA needs to derogate from the one-stop-shop or the consistency mechanism.
In this scenario, the EDPB can issue a decision on how to resolve the aforementioned situations. This decision is legally binding on the SAs concerned.
Decisions
→ You can find all related decisions in Category:Article 63 GDPR
References
- ↑ Van Eecke, Simkus, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 63 GDPR, p. 998-999 (Oxford University Press 2020).