The One-Stop-Shop (OSS) mechanism is essential to support the consistent implementation of the GDPR in order to achieve the EU single market. The OSS brings important benefits to individuals, organizations and Supervisory Authorities (SAs). However, the OSS is facing a growing amount of criticism and risks being undermined. Its challenges should now be discussed and addressed, with all those involved working together to support the OSS.
CIPL started working on the OSS at the end of 2020. At that time, CIPL’s objective was to issue a comprehensive and wide-ranging discussion paper based on feedback from members with global headquarters in the EU as well as outside of the EU, providing background information and spotting the main issues.
This paper makes the case that a strong effort should be made at the European level and among SAs to address the OSS challenges. In order to achieve this, CIPL recommends that the EDPB:
- Continue to work further to foster respect, mutual recognition, sharing and understanding of the regulatory approaches, processes and decision-making capacity of other Member States
- Take inspiration from areas where approaches to build a common understanding of problems, procedures and regulatory techniques have successfully developed trust and improved working relationships
- Encourage the creation of a common framework for procedural rules for the stages of supervisory action under Chapter VII of the GDPR, including rules on transparency and the right to be heard
- Continue to promote the application of the OSS in the e-Privacy Regulation and other digital areas to ensure consistent enforcement and reduce the risk of double jeopardy
- Foster exchanges between SAs regarding different regulatory approaches, the compliance effects they deliver, and methods of encouraging behavioral changes focused on desired outcomes
- Continue to ensure that “relevant and reasoned objections” and mutual assistance and joint operation procedures are used only in limited cases of serious concern, to further promote SAs’ self-restraint
- Consider enabling organizations to validate their main establishment and set up a voluntary register
- Adopt guidelines on how corrective measures should apply, including a clear and transparent decision matrix for calculating administrative fines
- Foster “self-regulation” amongst SAs themselves through the commitments in a Memorandum of Understanding (MoU), to complement the GDPR cooperation processes
- Consider working in the longer term on the basis of a panel of three CSAs, set up to coordinate a single composite response to a proposed LSA decision
- Provide for a presumption that the LSA approach will be accepted unless there are compelling reasons against doing so.