• EN - English
  • FR - français
Parliamentary question - E-001764/2023(ASW)Parliamentary question
E-001764/2023(ASW)

Answer given by Mr Reynders on behalf of the European Commission

The independent authorities competent to monitor and enforce compliance with the General Data Protection Regulation (GDPR)[1] are the national data protection authorities (DPAs), under the control of courts.

As indicated in the statement of the European Data Protection Board (EDPB) to which the Honourable Member refers, Member States are indeed required, including under Article 96 GDPR, to assess their existing international agreements and, where necessary, bring them in line with EU law.

The DPAs have indicated that they are ready to assist the Member States in this exercise and the Commission understands that several of them are indeed in discussions with their ministries[2].

Several DPAs have also been dealing with requests/complaints concerning the data protection aspects of these international agreements.

For example, the Belgian DPA recently issued a decision on the Belgian agreement implementing the United States (US) Foreign Account Tax Compliance Act[3]. Investigations in the same field are ongoing in different Member States before DPAs and courts.

The Commission will continue to closely follow further developments in this regard, including if they would lead to developing a common position within the EDPB.

The Commission will also continue to work with the US authorities in order to bring further relief to the affected EU citizens. The Commission is systematically raising this issue with its US counterparts in the context of the bi-annual EU-US Regulatory Forum.

In parallel, the Commission is in close contact with the Member States , including in the context of the Council Working Group on Tax Questions, where Member States are exchanging views about the implementation of their international agreements in this area, including the data protection safeguards that are needed.

Last updated: 19 July 2023
Legal notice - Privacy policy