GDPR enforcement: European Parliament must guarantee procedural rights to ensure people’s data protection

Update: 11 April, 2024 — On April 10, the European Parliament (EP) adopted its position on the General Data Protection Regulation’s (GDPR) Procedural Harmonisation Regulation during a Plenary Session. This text represents a positive step forward for people’s rights by establishing harmonised procedural standards. There are, however, still contradictory elements in the EP’s position that may undermine the objective of strengthening the enforcement of the European Union’s flagship data protection law. 

While Access Now waits for official approval by the Committee for Civil Liberties, Justice and Home Affairs (LIBE) for a mandate for inter-institutional negotiations, the trilogue stage will be crucial in refining the text to ensure greater consensus and clarity, solidifying the rights of the parties to the complaint procedure, and enhancing cooperation processes between Supervisory Authorities (SAs).

15 February, 2024: While it is a step forward in better enforcing the General Data Protection Regulation (GDPR), the European Parliament’s current GDPR Procedural Harmonisation Regulation text is still not enough to safeguard the fundamental rights of people. Today, February 15, the text was approved in the Committee for Civil Liberties, Justice and Home Affairs (LIBE), laying out the blueprints for enhanced procedures for cross-border GDPR complaints and ex-officio investigations.

The GDPR has faced numerous problems with enforcement, preventing people from across the European Union from fully exercising their rights under this cornerstone legislation. While the parliament’s proposed text integrates new key procedural guarantees and advancements for procedural rights that Access Now advocates for, red flags remain. Access Now urges the European Parliament to ensure that the GDPR Procedural Harmonisation Regulation addresses these issues once and for all, solidifying the fixes in the upcoming plenary vote.

Although the European Parliament LIBE Committee’s text on the GDPR Procedural Harmonisation Regulation makes important improvements on the Commission’s proposal of the same law, it still leaves worrying provisions that may jeopardise human rights. The LIBE’s approved text remains vague and contradictory, threatening the guarantee that all parties to the GDPR complaint procedure have a fair opportunity to be properly heard. The European Union must ensure that people get back control over their data and have the tools needed to counter the power Big Tech has over them. Chiara Manfredini, Policy Associate at Access Now

The current text is a step back from the draft report published by the European Parliament’s member leading on the new harmonising procedural law in November 2023. It uses contradictory language that risks reducing existing protections and unduly restricting the rights to be heard and access files for parties involved in a complaint procedure — especially for the complainant. Furthermore, the text places impediments to people in lodging complaints.

Access Now urges the European Parliament to address the following serious shortcomings before a plenary vote:

  • Ensure clear and equal access to the joint case file to both parties along with a clear understanding of what is accessible in it;
  • Provide a clear, not limited or discretionary, equal right to be heard to both the complainant and the party under investigation in the complaint procedure and ensure that both parties’ views are taken into account by Supervisory Authorities (SAs); 
  • Ensure the full harmonisation of the right to lodge a complaint; and
  • Ensure complainants are given an opportunity to provide “missing information” before SAs label a complaint as inadmissible.

To ensure that people’s rights are not undermined, the European Parliament must strengthen the text by incorporating these recommendations during the upcoming plenary vote.