The European Parliament and the European Council have now published their amendments to the Commission's draft GDPR procedural regulation. We have analysed the two versions and prepared an initial overview (video and presentation).
Background. Under the GDPR, data protection authorities (DPAs) from different member states are supposed to work together when dealing with user complaints and enforcing the law against international companies. However, the various authorities operate under very different national procedural laws. Some Member States do not even have a codified procedure. The GDPR itself does not really provide much clarification on these procedural aspects either.
In 2023, the European Commission has proposed a new regulation to remove obstacles to cooperation. However, it is fair to say that the proposal has been largely criticised for lacking legal quality, shifting powers from the concerned authorities to the lead authorities and not really addressing many underlying issues.
Original proposal and amendments. In the normal EU legislative process, the European Parliament (led by the LIBE Committee) and the Council (with representatives from each EU Member State) have now put forward two amended versions of the Commission proposal:
You can also find the slides from the video here:
The next step is to reconcile these two versions into one text - a huge challenge that will be done in so-called "trilogues".
Overall, we think that the Parliament and Council versions seem to go in the same direction from a political point of view. However, the Parliament's version follows a cleaner high-level approach and has also removed unnecessary steps, while the Council has mainly added elements to the Commission's proposal, making it partly even more complicated to read.
We will follow up with the second video in the coming weeks on the Art 65/66 procedure and a full written comparison.
