FEDMA regrets neglecting of fundamental concerns in European Parliament’s Position on GDPR Procedural Rules

On 10 April, the European Parliament adopted its position on the European Commission’s proposal on GDPR Procedural Rules. Regrettably, the text voted in plenary introduces adversarial elements into an essentially administrative process, raising concerns on the defendants’ right to be heard, confidentiality measures, and conflicts with the GDPR’s one-stop-shop mechanism.

FEDMA, along with other tech trade associations, voiced these concerns in a joint letter ahead of the plenary vote calling for:

• Preserving the confidentiality of the information provided by the defendants
  • This does not mean hiding key information which could be relevant for the investigation by the Lead Supervisory Authority (LSA), but rather ensuring that business sensitive information is only accessible by the relevant entities involved in cross-border cases and mitigating any risks of this information being disclosed to external actors.
• Upholding the One-Stop-Shop mechanism
  • While the European Commission’s original proposal enhanced this mechanism by introducing additional steps in the cooperation among supervisory authorities, changes proposed in the LIBE report and adopted by the Parliament in plenary would weaken the central role of the LSA.
• Removing the adversarial procedure
  • The European Commission’s original proposal appropriately balanced the involvement and rights of the complainant and the investigated party in data protection cases. Conversely, EU lawmakers are turning GDPR investigations into an adversarial process, putting both parties on an equal footing, overlooking that parties under investigation face greater repercussions than complainants.

As work continues towards a Council position and trilogue negotiations, FEDMA urges policymakers to address these serious legal concerns and engage in a more detailed and evidence-based discussion on the proposal and its implications.