Introduction to Enforcing Privacy

Abstract

This book received its fi nal edit at a crucial moment in the EU process of data pro- tection reform with the fi nalisation of the trilogue negotiations between the European Parliament, Council and Commission, and the fi nal stage of the arduous process of bringing the General Data Protection Regulation (GDPR) into law. The Regulation contains a new governance model that combines powerful data protection authori- ties (DPAs), along with increased co-operation, a lead DPA and a European Data Protection Board with real functional and fi nancial independence and the power to issue binding decisions. Attention with regard to DPA co-operation and enforce- ment should be given particularly to GDPR Chapters VI (supervisory authorities) and VII (co-operation and consistency), the latter defi ning amongst others the pow- ers of the Board in its consistency monitoring capacity. The EU reform process was fi nalised in a rocky period when courts and DPAs started hitting the news with far-reaching actions and judgments. 1 On 6 October 2015, the Court of Justice of the European Union (CJEU) issued the Schrems judgment, invalidating the European Commission’s Decision of 2000 that recognised the adequacy of the EU-US Safe Harbor framework. In addition to this invalidation of the adequacy decision, the CJEU upheld the power of national DPAs to independently investigate international data transfers based on adequacy