Shrouded in secrecy – does the comitology procedure for GDPR adequacy decisions fit its purpose?

Roč.18,č.2(2024)

Abstrakt

With the entry into force of Directive 95/46/EC, the EU based its approach toward data transfers on adequacy decisions, unilateral acts of the European Commission, issued as implementing acts. The EU co-legislators subsequently copied this model into the GDPR and the LED. Since the very beginning, the adequacy procedure involves a comitology phase in which a committee consisting of representatives of Member States expresses its opinion about the Commission's draft implementing act. I argue that adequacy, designed as a technical process, evolved into a tool in which politics, including economic relations and commercial interests, play an ever-greater role. This goes against the concept of comitology, the legitimacy of which is built on denying the political nature of what is delegated. Taking into account the above, as well as other shortcomings of the EU adequacy model, I argue that it is the right time to rethink it. There is also the need for a separate discussion regarding the role of the Article 93 Committee in the adequacy procedure, to be conducted together with the debate on the role and accountability of the European Commission.


Klíčová slova:
General Data Protection Regulation (GDPR); Law Enforcement Directive (LED); Data Transfers; Adequacy Decisions; Comitology

Stránky:
215 – 244
Metriky

0

Crossref logo

0


156

Views

72

pdf (angličtina) views