Shrouded in secrecy – does the comitology procedure for GDPR adequacy decisions fit its purpose?
Shrouded in secrecy – does the comitology procedure for GDPR adequacy decisions fit its purpose?
Author(s): Michal CzerniawskiSubject(s): International Law, Human Rights and Humanitarian Law, Political Sciences, Public Administration, Law on Economics, EU-Legislation, Administrative Law
Published by: Masarykova univerzita nakladatelství
Keywords: General Data Protection Regulation (GDPR); Law Enforcement Directive (LED); Data Transfers; Adequacy Decisions; Comitology
Summary/Abstract: With the entry into force of Directive 95/46/EC, the EU based its approach toward data transfers on adequacy decisions, unilateral acts of the European Commission, issued as implementing acts. The EU co-legislators subsequently copied this model into the GDPR and the LED. Since the very beginning, the adequacy procedure involves a comitology phase in which a committee consisting of representatives of Member States expresses its opinion about the Commission's draft implementing act. I argue that adequacy, designed as a technical process, evolved into a tool in which politics, including economic relations and commercial interests, play an ever-greater role. This goes against the concept of comitology, the legitimacy of which is built on denying the political nature of what is delegated. Taking into account the above, as well as other shortcomings of the EU adequacy model, I argue that it is the right time to rethink it. There is also the need for a separate discussion regarding the role of the Article 93 Committee in the adequacy procedure, to be conducted together with the debate on the role and accountability of the European Commission.
Journal: Masaryk University Journal of Law and Technology
- Issue Year: 18/2024
- Issue No: 2
- Page Range: 215-244
- Page Count: 30
- Language: English
