Publication of the second report on the application of the GDPR: some key issues.
After an initial assessment report dated 24 June 2020, the European Commission has published a second report on the application of the GDPR.
One thing is undeniable: the GDPR has delivered important results for individuals and businesses and continues to provide strong protection, but of course, there is room for improvement, in particular as regards:
- the necessity to handle cross-border cases more efficiently and to deliver quick remedies and legal certainty in cases affecting individuals across the EU through adapted procedural rules (proposal currently negotiated by the European Parliament and the Council).
- the need to achieve a consistent interpretation and application of the GDPR across the EU. The report stresses that the fact that Data Protection Authorities keep adopting diverging interpretation on key data protection concepts remains a real obstacle to the consistent application of the GDPR in the EU. It is source of legal uncertainty, it increases costs for businesses, disrupts the free movement of personal data in the EU, cross-border business and hampers research and innovation on urgent societal challenges.
- the need for close cooperation across regulatory fields raised by the development of digital regulations, since data protection issues increasingly intersect with questions of, for example, competition law, consumer law, digital markets rules, electronic communications regulation and cybersecurity.
- the need to increase the support to SMEs, small operators and researchers and research organisations, to help them comply with the GDPR. This could be achieved by increasing the development of practical guidance and by achieving a more consistent interpretation and enforcement of the GDPR across the EU.
It is essential to achieve fast and concrete results on these aspects, particularly with regard to consistency of interpretation of the GDPR and support to SMEs. Since the principle of accountability requires data controllers to implement internal procedures and mechanisms to demonstrate adherence to data protection rules, they must have reliable parameters at their disposal, on which to base their decisions on. Not only would this enable companies to move forward in a single, clear direction, but it would also ensure robust protection for individuals and guarantee a secure data flow across the EU.
Data protection is an increasingly important and expanding field, and there have been many positive developments since the Regulation came into force in May 2018, but there is still a lot of work to be done. This requires a joint effort by the Member States, National Authorities and European Institutions.