- GDPR is a global standard and factor of convergence in international protection of personal data.
- Strong and effective enforcement of the GDPR vis-à-vis large digital platforms, integrated companies and other digital services is necessary.
- Supervisory authorities should have sufficient resources at their disposal.
Civil Liberties Committee adopted on Tuesday the draft resolution evaluating the GDPR and called for effective enforcement and adequate resources for supervisory authorities.
In the draft resolution adopted on Tuesday with 41 votes to 2 and 24 abstentions, the Civil Liberties Committee concludes that so far the General Data Protection Regulation (GDPR) has been an overall success and that it was not necessary at this stage to update or review the legislation.
An important tool for EU digital diplomacy
The European Commission as well as Member States are urged to push for the creation of international standards that are shaped on European values in international fora. A dominant European position in this field would help to better defend the rights of EU citizens, promote trustful digital innovation and accelerate the economic growth, say MEPs.
The supervisory authorities and enforcement
MEPs are concerned that many supervisory authorities across the EU lack sufficient human, technical and financial resources to perform their tasks and exercise their powers effectively. These authorities should be able to deal swiftly and thoroughly with an increasing number of resource-intensive and complex cases and to coordinate and facilitate cooperation between the national data protection authorities (DPAs). The success of this mechanism depends on the time and effort that DPAs can dedicate to the handling of individual cases and that lack of political will and resources has immediate consequences for the proper work of the mechanism.
The Committee also points to the uneven enforcement of the GDPR by national DPAs resulting in the burden of enforcement falling on individual citizens. The draft resolution also calls on the Irish and Luxembourg DPAs to speed up their ongoing investigations into major cases.
Facilitate implementation for SMEs, schools and clubs
As the application of the GDPR has been particularly challenging for small and medium sized enterprises (SMEs) and some other organisations, the MEPs wish to see more support, information and training to be made available by national authorities, the European Commission and the European Data Protection Board (EDPB) to help with the quality of implementation.
Freedom of expression and information
MEPs are also concerned over abuse of the GDPR by some Member States public authorities in order to curtail journalists and NGOs and underscore that data protection rules should not be used as a way to put pressure on journalists to disclose their sources.
GDPR in public health polices
As pointed out by the MEPs the COVID-19 pandemic has also highlighted that clear guidance from the DPAs and the EDPB is necessary on the appropriate implementation of the GDPR in public health policies.
Juan Fernando López Aguilar (S&D, ES), committee Chair and rapporteur, said: “The Civil Liberties Committee recognises that the General Data Protection Regulation has become the paramount standard for the protection of personal data around the world, placing the EU at the forefront of international discussions about data protection. However, we acknowledge that further work is needed in certain areas and therefore call on the Commission, the supervisory authorities and the Member States to improve efforts and resources in order to achieve full implementation and satisfactory enforcement of the GDPR across the Union.“
Parliament as a whole will vote on the non-legislative resolution during the next plenary session (24-25 March).