Please note that this does not constitute a formal record of the proceedings of the meeting. It is dependent on interpretation and acts as an unofficial summary of the debate.
On June 6 2014, an orientation debate on the one-stop-shop mechanism of the General Data Protection Regulation was held in the Justice Council. The meeting was chaired by the Greek Presidency and also attended by Commission Vice-President and Commissioner for Justice, Fundamental Rights and Citizenship, Viviane Reding. Please see below for a summary of the debate.
The Greek Minister for Justice, Transparency and Human Rights and representative of the Greek Presidency of the EU, Christos Geraris, launched the debate by noting that the one-stop-shop mechanism had been discussed with the Council legal service at the December Council meeting but an agreement had not yet been reached. During Greece’s Presidency, they had presented various alternative proposals bearing in mind the need for proximity and legal remedies. The dossier was not yet at the stage where an agreement could be envisaged, but this discussion was designed to focus on some improvements and parts that had been redrafted.
Commissioner Viviane Reding clarified that in Europe, institutional continuity (for example on data protection) means that decisions taken by the European Parliament in March are also binding on the new European Parliament from July onwards. This is the same for the Commission and the Council, with full continuity of all legislative procedures.
She said that in December, the Justice Ministers had asked for an efficient one-stop-shop mechanism and the Presidency had responded to this call. Purely local cases would be dealt with by the local data protection authority (DPA), but there would be strengthened cooperation between authorities, so that the lead authority was not acting alone. This decision is binding on the main establishment of the company in question, requiring it to be executed in each Member State. The Presidency proposal ensures that citizens choose which DPA to go to. Much debate had been conducted on the place of the citizen in the one-stop-shop mechanism. Some suggest that the present situation is sufficient and there is no need to change, but she disagreed with this stance. The ability of a national DPA is dependent on whether a company is established in its territory. If it is established in another state, then the local DPA cannot investigate or sanction and is therefore toothless in this context. She cited the example of the Austrian student who had to complain to the supervisory authority in Ireland and the recent case on Google. Under the current situation, a DPA would have limited options, but the new regulation would ensure effective enforcement. The current system is also bad for business, given that companies processing data in the EU have to deal with 28 national regulators. A one-stop-shop would mean one continent, one rule and one regulation. This would improve the situation for citizens and businesses alike and she was confident that they would be able to go forward on this basis under the Italian Presidency.
The representative from Denmark said that her country had anticipated several problems with their constitution if foreign authorities could make a decision that would affect businesses and citizens in Denmark. She was glad that the Commission and Presidency had acted on this concern with a solution that could solve the Danish problem and she hoped that work could continue on this basis.
If you are interested in reading the full briefing or the corresponding briefing on the Partial General Approach on Chapter V of the proposal for the General Data Protection Regulation, please sign up for a free trial of the Dods EU Monitoring service.