Article 97 GDPR
Legal Text
1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council. The reports shall be made public.
2. In the context of the evaluations and reviews referred to in paragraph 1, the Commission shall examine, in particular, the application and functioning of:
- (a) Chapter V on the transfer of personal data to third countries or international organisations with particular regard to decisions adopted pursuant to Article 45(3) of this Regulation and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC;
- (b) Chapter VII on cooperation and consistency.
3. For the purpose of paragraph 1, the Commission may request information from Member States and supervisory authorities.
4. In carrying out the evaluations and reviews referred to in paragraphs 1 and 2, the Commission shall take into account the positions and findings of the European Parliament, of the Council, and of other relevant bodies or sources.
5. The Commission shall, if necessary, submit appropriate proposals to amend this Regulation, in particular taking into account of developments in information technology and in the light of the state of progress in the information society.
Relevant Recitals
There is no relevant recital for Article 97 GDPR.
Commentary
According to Article 97(1) GDPR, the Commission is required to prepare a report every four years to be submitted to the European Parliament and the Council.
The report describes the functioning of the GDPR and focuses “in particular” on the state of implementation of two GDPR Chapters. The first is Chapter V on the transfer of personal data to third countries or international organisations. Here, the Commission's attention will have to focus on the functioning of existing adequacy decisions (Article 45(3) GDPR), even if they were adopted during the previous framework (Article 25(6) Directive 95/46/EC or 'DPD').[1] The second area of interest is Chapter VII, where the Commission assesses the cooperation and consistency mechanisms.
In performing its reporting activity, the Commission “may request information from Member States and supervisory authorities” (Article 97(3) GDPR) and “shall take into account the positions and findings of the European Parliament, of the Council, and of other relevant bodies or sources” (Article 97(4) GDPR).
Once it has carried out its assessment and reporting, if the Commission finds that changes or improvements of the GDPR are needed, under Article 95(7) GDPR it can propose amendments to it, particularly taking into account developments in information technology and progress in relation to the information society (Article 17(2) of the Treaty on European Union).[2]
Decisions
→ You can find all related decisions in Category:Article 97 GDPR