Institutional Governance of Data Protection Law
Acronyms
DPA: Data Protection Authority (= onafhankelijke toezichthoudende autoriteit)
DPO: Data Protection Officer (= functionaris voor gegevensbescherming)
EDPB: European Data Protection Board (= Europees Comité voor gegevensbescherming)
EDPS: European Data Protection Supervisor
DPIA: Data Protection Impact Assessment
CSC: Coordinated Supervision Committee
Governance model before & after GDPR
Decentralized
- Absence of vertical oversight
- Cross-border cases involving multiple supervisory authorities are governed by ad
hoc mechanisms while there is evident regulatory arbitrage between supervisory
authorities in contentious cases
‘’Europeanization’’ of data governance
- Creation of EDPB with coordination and coherence mechanisms
- Interference with supervisory independence?
‘Watchdogs of the Digital Age’
DPA
- First contact point for data subjects in cases of privacy breaches
- Art. 4 lid 21, GDPR: ‘supervisory authority’ means an independent public authority
which is established by a Member State pursuant to Article 51
- The supervisory authority is the main body in national law that ensures
compliance with EU Data Protection law
EDPS
- Wojciech Wiewiórowski: he was appointed by a joint decision of the European
Parliament and the Council on 5 December 2019 for a term of five years
- Bron: EDPS organisation chart
EDPB
- Ensuring that data protection rules are applied effectively and consistently
throughout the EU
- Art. 68 GDPR: EU body with legal personality
- Successor of Article 29 Working Party
- EDPB comprises the heads of the supervisory authorities of each Member State
and the EDPS, or their representatives
- The Commission has the right to participate in the EDPB’s activities and meetings,
but does not have voting rights
Acronyms
DPA: Data Protection Authority (= onafhankelijke toezichthoudende autoriteit)
DPO: Data Protection Officer (= functionaris voor gegevensbescherming)
EDPB: European Data Protection Board (= Europees Comité voor gegevensbescherming)
EDPS: European Data Protection Supervisor
DPIA: Data Protection Impact Assessment
CSC: Coordinated Supervision Committee
Governance model before & after GDPR
Decentralized
- Absence of vertical oversight
- Cross-border cases involving multiple supervisory authorities are governed by ad
hoc mechanisms while there is evident regulatory arbitrage between supervisory
authorities in contentious cases
‘’Europeanization’’ of data governance
- Creation of EDPB with coordination and coherence mechanisms
- Interference with supervisory independence?
‘Watchdogs of the Digital Age’
DPA
- First contact point for data subjects in cases of privacy breaches
- Art. 4 lid 21, GDPR: ‘supervisory authority’ means an independent public authority
which is established by a Member State pursuant to Article 51
- The supervisory authority is the main body in national law that ensures
compliance with EU Data Protection law
EDPS
- Wojciech Wiewiórowski: he was appointed by a joint decision of the European
Parliament and the Council on 5 December 2019 for a term of five years
- Bron: EDPS organisation chart
EDPB
- Ensuring that data protection rules are applied effectively and consistently
throughout the EU
- Art. 68 GDPR: EU body with legal personality
- Successor of Article 29 Working Party
- EDPB comprises the heads of the supervisory authorities of each Member State
and the EDPS, or their representatives
- The Commission has the right to participate in the EDPB’s activities and meetings,
but does not have voting rights
