EC Proposes Rules for Streamlining Cross-Border GDPR Cases

The European Commission proposed new rules Tuesday to “ensure stronger” enforcement of the general data protection regulation in cross-border cases. The new rules attempt to harmonize procedures in cross-border cases and allow defendants and complainants the right to be heard earlier in their cases during European Data Protection Board review. Defendants would be able to have their cases heard in court during EDPB dispute resolution before authorities decide whether to fully or partially reject a complaint. The proposal establishes common rights for complainants to be “heard in cases where their complaints are fully or partially rejected.” The proposal makes “some small steps” toward improving cross-board procedures, but it fails to address “major shortcomings,” said Alexandre Roure, Computer & Communications Industry Association public policy director-Europe. CCIA hopes the European Parliament and EU member states will “reinforce defendants’ most basic rights, including the right to appeal EDPB decisions against them and the right to a fair hearing within a realistic time frame.” According to CCIA, when privacy authorities escalate the case to the EDPB, defendants will “only have one week (two weeks in limited cases) to respond to new allegations or alleged evidence brought forward by the EDPB.” The proposal fails to “improve complainants’ rights to be heard and to get access to timely and important information from the investigation an authority carries out,” European consumer advocacy group BEUC said in a statement. Authorities often respond with painstakingly slow enforcement, particularly in cross-border cases, said BEUC: The new proposal fails to add mechanisms to allow complainants to get access to timely information in cases. “Weak and slow enforcement only suits Big Tech and other companies who make money from trampling on people’s right to personal data protection,” said BEUC Deputy Director General Ursula Pachl.