• EN - English
Parliamentary question - E-005637/2021(ASW)Parliamentary question

Answer given by Mr Reynders on behalf of the European Commission

The Commission notes that the Irish Data Protection Commissioner has submitted seven cases to the General Data Protection Regulation (GDPR)[1] Article 60 procedure, including one on Facebook in October 2021 and the latest one on Instagram on 3 December 2021. Two new cases are in the pipeline. One of the results of these submissions has been that the DPC fined WhatsApp with EUR 225 million in August 2021. These high-level cases against big tech companies are only one part of the activities of the DPC. Not all of them lead to a decision. The DPC, as other data protection authorities, may close cases through ‘amicable settlement’, which brings quick results to the citizens while saving on limited administrative resources.

As the figures of the European Data Protection Board show, around 850 procedures related to the One-Stop-Shop have been triggered so far, out of which around 300 final decisions have been issued. Cross-border cases are registered in IMI (Internal Market Information System). Not all cases listed in the IMI case register are deemed to trigger the cooperation mechanism, e.g. IMI includes cases where informal exchange of information is ongoing under mutual assistance, ‘local cases’, cases not meeting the cross-border requirement and other cases that for various reasons do not fall under the scope of application of Article 60 of the GDPR.

It is also important to distinguish between cases that can be resolved quickly, since they do not require extensive investigations, and cases that require complex legal and economic assessment or pose novel issues. In particular, cases that require the assessment and discussion of complex issues of law and fact, might require several months or years, as it is the case for instance for competition law investigations.

Last updated: 9 March 2022
Legal notice - Privacy policy