The European Commission submitted a legislative proposal in July 2023 to improve enforcement of the General Data Protection Regulation (GDPR) in cross-border cases. This proposal comes in response to criticism from the European Parliament and civil society organizations about flaws in the current enforcement mechanisms. Although the AVG has been in force since 2018, reports point to inconsistencies and delays in enforcement by national data protection authorities (DPAs).
The bill seeks to introduce the following changes, among others:
Harmonization of procedural rights:
The proposal specifies rights such as the right to inspect certain documents and the right to be heard by both complainants and parties under investigation (Chapters III and IV of the proposal).
Strengthening cooperation among supervisors:
Article 9 introduces early coordination between concerned authorities to reach consensus on the investigation. This should improve coordination between the lead regulator (LSA) and other relevant authorities (CSAs).
Litigation mitigation:
The proposal strictly defines what constitutes a "relevant and reasoned objection" (Article 18) to prevent unnecessary litigation from delaying the progress of cases.
Time limits and emergency procedures:
Time constraints are introduced for the resolution of complaints and disputes, and options for emergency procedures under Article 66 GDPR are tightened.
More efficient complaint procedures:
Complaints must be submitted using standardized forms and are evaluated based on harmonized admissibility criteria (Articles 3 and 4).
