Computer & Communication Industry Association
PublishedMarch 23, 2023

GDPR Enforcement Urgently Needs Fixing, Tech Industry Tells European Commission

Brussels, BELGIUM – The European Commission needs to address significant shortcomings in the way EU cross-border data protection cases are being handled right now, the Computer & Communications Industry Association (CCIA Europe) cautions.

In comments filed to a Commission consultation today, CCIA Europe urges the EU executive arm to fix the most urgent deficiencies in the enforcement of the EU General Data Protection Regulation (GDPR) as part of the new procedural rules expected later this year. 

CCIA calls on the Commission to explicitly recognise the fundamental rights of defendants in cross-border proceedings, particularly when (national) supervisory authorities cannot reach a decision and the case is escalated to the European Data Protection Board (EDPB). 

Among others, the Commission should grant companies an explicit right to appeal binding EDPB decisions that directly impact them. This comes after a recent EU General Court ruling eliminated defendants’ appeal rights and judicial review of such decisions. 

CCIA Europe also expresses significant concerns regarding the inconsistent adherence to the right to a fair hearing in cross-border cases, both at national and EDPB levels. 

Should the EU Court of Justice authorise national competition bodies or other authorities to examine companies’ GDPR compliance, detailed rules need to set out how those authorities should cooperate in order to prevent enforcement fragmentation across the EU. CCIA’s submission also includes fixes to speed up the resolution of clear-cut cross-border cases.

The following can be attributed to CCIA Europe’s Public Policy Director, Alexandre Roure:

“Five years after the GDPR came into force, the enforcement of the EU’s main data protection regulation shows significant shortcomings. It raises serious concerns when defendants’ most basic rights are being undermined, such as the right to appeal an EDPB decision affecting them and the right to a fair hearing.”

“The European Commission should also prioritise preventing inconsistent GDPR enforcement, especially in those cases in which national authorities responsible for enforcing other laws than data protection are now suddenly authorised to verify companies’ compliance with the GDPR.”

“The absence of detailed rules on how exactly competition enforcers and other authorities should cooperate with data protection bodies in GDPR cases could lead to an unprecedented level of fragmentation. This, in turn, jeopardises companies’ data processing practices and exposes them to potentially unsustainable liability.”

Notes for editors

In case C-252/21, Advocate General Rantos recently advised the EU Court of Justice to grant any authority – beyond data protection supervisory authorities – the power to examine the compliance of a company’s practices with the GDPR. The EU Court of Justice tends to follow the Advocate General’s non-binding opinion, and is expected to issue a ruling later this year.

reading-tablet
  • Press Releases
  • Trade

U.S. Industry Raises Concerns on European Cloud Services Scheme Ahead of EU-U.S. TTC Meetings

Washington – The Computer & Communications Industry Association and other industry groups sent a letter to the U.S. Administration detailing concerns with the recent developments on the forthcom...
reading-tablet
  • Press Releases
  • Trade

CCIA Statement Following Initial Conclusions on U.S.-Taiwan Initiative on 21st-Century Trade

Washington – The Office of the U.S. Trade Representative announced that they concluded negotiations on the first part of the U.S.-Taiwan Initiative on 21st Century Trade. The first agreement under t...
reading-tablet
  • Press Releases
  • Privacy

CCIA Agrees With New York Privacy Bill Goals, But Requests Further Amendments On Compliance Details

Washington –  The Computer & Communications Industry Association filed comments today opposing New York privacy legislation that would set different standards and definitions than other pri...
reading-tablet
  • Press Releases
  • Privacy

CCIA Submits Comments, Testifies Against Harmful Maine Privacy Bills

Washington – CCIA submitted comments and will testify before the Maine State Legislature Monday morning in opposition to three consumer data privacy bills, highlighting concerns around interoperabil...