News

The amendments tabled by the rapporteur are real progress and an important stepping stone in improving the initial text proposed by the European Commission. Key aspects are:

• Criterion of competence of the supervisory authorities: the draft report proposes to use also the place of residence of the citizen, thereby avoiding excessive distance between the citizen and the competent authority. Retaining such criterion also ensures better protection of the rights of the citizens and reduces legal uncertainty for businesses and forum-shopping.
• Single point of contact: the rapporteur proposes to designate a lead-authority as single point of contact for controllers and processors who have activities in more than one Member State. This authority would not have exclusive competence but would have to instruct cross-border situations in the name and on behalf of all the competent authorities, and to ensure coordination before adopting a decision. This is a crucial point if there is to be a balanced co-operation between the supervisory authorities.
• Role of the European Data Protection Board (EDPB): by establishing a consistency mechanism and by considerably strengthening the role and powers of the EDPB – namely by giving it decisional power in respect of the measures proposed by a supervisory authority – the proposals in the draft report create the conditions for a uniform implementation of the European rules.

Also noteworthy is the possibility for the EDPB to draft guidelines for the supervisory authorities, as well as to deliver opinions on the codes of conduct drafted at EU level. Moreover, the EDPB would have to be consulted by the European Commission in the preparation of delegated acts and implementing acts, the  which number would be much reduced.

On all these points, Mr Albrecht's proposals meet the recommendations made by CNIL.

CNIL also welcomes the deletion in the draft report of the possibility to use non-binding legal instruments in the context of data transfers to non-EU Member States.

Lastly, regarding the protection of citizens' rights, CNIL supports the improvements proposed by the rapporteur, namely the use of ‘pseudonymisation' and anonymisation of data, the free exercise of a right to object – which is to be proposed in clear and simple words by the controllers – and the clarification of what constitutes the expression of consent in the on-line environment.

CNIL shall pursue its efforts to ensure that these key elements proposed in Mr Albrecht's draft report are reflected in the final position of the European Parliament and eventually in the EU Regulation. Also, CNIL will continue to promote the insertion of a delisting obligation as a corollary of the right to be forgotten.