CJEU’s AG declares when a lead DPA or a national DPA may prosecute a cross-border case
The opinion affirms the primary role of the Lead Supervisory Authority in GDPR cross-border cases, but with certain exceptions. By Stewart Dresner.
The GDPR’s One-Stop-Shop mechanism should enable companies that conduct cross-border processing to deal with a single Supervisory Authority instead of 27. The process has some teething problems, as can be seen, for example, in this longstanding case regarding Facebook.
The Advocate General of the Court of Justice of the European Union (CJEU), Michal Bobek, in his 17,551-word Opinion of 13 January(1), stresses that the lead data protection authority cannot be deemed the sole enforcer of the GDPR in cross-border situations and must, in compliance with the relevant rules and time limits provided for by the GDPR, closely cooperate with the other data protection authorities concerned, as they will provide essential input in these cases.