Databescherming: Raad geeft voorkeur aan 'alles-onder-één-dak' principe (en)

Met dank overgenomen van Litouws voorzitterschap Europese Unie 2e helft 2013 i, gepubliceerd op maandag 7 oktober 2013.

The Council had an in depth discussion on the proposal for a regulation setting out a general EU framework for data protection with the aim of providing guidance for further work at expert level on the "one-stop-shop" mechanism laid down in the Commission proposal.

The “one-stop-shop” principle, together with the consistency mechanism, is one of the central pillars of the Commission proposal. According to this principle, when the processing of personal data takes place in more than one member state, one single supervisory authority should be competent for monitoring the activities of the controller or processor throughout the Union and taking the related decisions. The proposal states that the competent authority providing such one-stop-shop should be the supervisory authority of the member state in which the controller or processor has its main establishment.

The Council expressed its support for the principle that, in important transnational cases, the regulation should establish a "one-stop-shop" mechanism in order to arrive at a single supervisory decision, which should be fast, ensure consistent application, provide legal certainty and reduce administrative burden. This is an important factor to enhance the cost-efficiency of the data protection rules for international business, thus contributing to the growth of the digital economy.

The discussion focused on how to arrive at such a single decision. A majority of the member states indicated that further expert work should continue along a model in which a single supervisory decision is taken by the “main establishment” supervisory authority, while the exclusive jurisdiction of that authority might be limited to the exercise of certain powers.

The Council indicated that the experts should explore methods for enhancing the “proximity” between individuals and the decision-making supervisory authority by involving the “local” supervisory authorities in the decision-making process. This proximity is an important aspect of the protection of individual rights.

Another important element towards increasing the consistency of the application of EU data protection rules will be to explore which powers and role could be entrusted to the European Data Protection Board (EDPB).

In January 2012, in the light of rapid technological developments and globalisation, the European Commission presented a legislative package to update and modernise the principles enshrined in the 1995 Data Protection Directive (Directive 95/46/EC), to guarantee data protection rights in the future. The package includes a policy communication setting out the Commission's objectives (5852/12), and two legislative proposals: a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (5853/12) and a directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities (5833/12).

These proposals are aimed at building a stronger and more coherent data protection framework in the EU, backed by strong enforcement that will allow the digital economy to develop across the internal market, put individuals in control of their own data and reinforce legal and practical certainty for economic operators and public authorities.