The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Sergey LAGODINSKY (Greens/EFA, DE) on the proposal for a regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679.
Complaints are an essential source of information for detecting infringements of data protection rules. Defining clear and efficient procedures for the handling of complaints in cross-border cases is necessary since the complaint may be dealt with by a supervisory authority other than the one to which the complaint was lodged. To this end, it is recommended that an efficient mechanism for communication between supervisory authorities should be created to facilitate rapid and secure sharing of information necessary to resolve complaints in accordance with data protection rules.
Overall, this report consolidates and expands on the provisions on general procedural rules in order for the right to be heard, translations, confidentiality, and the sincere cooperation of authorities to always apply, not only in the case of complaints or for dispute resolution among authorities.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
Subject matter and scope
The proposed Regulation lays down procedural rules for the handling of complaints and the conduct of investigations in complaint-based and ex officio cases by supervisory authorities whenever supervisory authorities of more than one Member State are involved in the case, as well as procedural rules on related judicial remedies.
Applicable procedural law
In addition to this proposal, and provided that it is not in conflict with this Regulation, the procedural law applicable before a supervisory authority should govern all direct interactions between that supervisory authority and the parties before it.
Common procedural standards
The amended text stipulates that each party should have at least the following rights:
- to have their case handled impartially and fairly, and to be treated equally, even if they are before different supervisory authorities in different jurisdictions (“fair procedure”);
- to be heard before any measure is taken that would adversely affect them, including before the decision to uphold, or to fully or partially reject a complaint is adopted (“right to be heard”);
- to have access to the joint case file, except to any internal deliberations of the supervisory authority or deliberations between those authorities (“procedural transparency”).
Use of languages and translations
Members added a new article concerning the cooperation language to be used. The Board should determine one language that should be accepted by all supervisory authorities during the cooperation between authorities.
The lead supervisory authority should provide submissions into the joint case file in the original language and should provide translations into the cooperation language.
Cross-border complaints
A complaint subject to this Regulation should provide the information required in the template, as set out in the Annex. No additional information should be required in order for the complaint to be admissible. The information can be provided by any means the authority accepts, including by not using the template.
The supervisory authority with which a complaint has been lodged should, within two weeks, acknowledge receipt and admissibility of the complaint, or, where a complaint does not meet the requirements, declare the complaint inadmissible and inform the complainant about the missing information.
Handling of complaints
The handling of a complaint should always lead to a legally binding decision that is subject to an effective legal remedy.
Amicable settlement
Amicable settlements are limited to cases of data subject rights, requiring the explicit agreement of the complainant, while not preventing ex-officio investigations of a supervisory authority for larger scale infringements of the GDPR.
Cooperation with other relevant authorities
The lead supervisory authority should provide the other supervisory authorities concerned with instant, unrestricted and continuous remote access to the full joint case file, and should include in the joint case file all relevant information, in particular documents, submissions, memos and other information related to the case within one week from producing or receiving them.
Remedies against procedural determinations
A new article has been introduced stating that remedies against procedural determinations by a supervisory authority under national law should only be brought together with the remedy against the final material decision. Deadlines for remedies against procedural determinations under applicable national law are prolonged for the duration of the procedure before the supervisory authority.
Entry into force and application
The amended text lays down a transitional period of one year to allow for the necessary changes to the Internal Market Information System used by the authorities, and the Rules of Procedure of the Board, as well as possible amendments of national laws.