Skip to content
Guidance · EDPB ·62024-on-the-second-report-on-the-application-of EN LLM context A cited markdown file you can paste into your AI assistant (ChatGPT, Claude, a RAG or project knowledge base) to ground it in this document. Contains: this document’s text, its sections with their topics, and the full text of every law provision it applies. Everything links back to its source on overview.legal — legal information, not advice.

Statement 6/2024 on the Second Report on the Application of the General Data Protection Regulation - Fostering Cross-Regulatory Consistency and Cooperation

Summary

1 Statement 6/2024 on the Second Report on the Application of the General Data Protection Regulation - Fostering Cross - Regulatory Consistency and Cooperation Adopted on 3 December 2024 Executive summary The European Data Protection Board welcomes the reports from the European Commission and the Fundamental Rights Agency and takes this opportunity to confirm several ongoing initiatives which would help address some recommendations on cooperation under the GDPR, the future R egulation laying…

How it connects

Full text 3 sections

Paragraphs carrying a topic or an applied provision show those connections inline Original at the source →
¶1

Statement 6/2024 on the Second Report on the Application of the General Data Protection Regulation - Fostering Cross - Regulatory Consistency and Cooperation Adopted on 3 December 2024 Executive summary The European Data Protection Board welcomes the reports from the European Commission and the Fundamental Rights Agency and takes this opportunity to confirm several ongoing initiatives which would help address some recommendations on cooperation under the GDPR, the future R egulation laying down procedural rules relating to the enforcement of the GDPR as well as u nder other relevant legislation . In this context, the EDPB underlines the importance of legal certainty and coherency of digital legislation with the GDPR. In the meantime, the EDPB also wishes to step up its efforts to produce content that is accessible to non - experts, SMEs and other relevant groups. The DPAs and EDPB’s ability to face those challenges will depend on the attribution of necessary additional financia l and human resources. THE EUROPEAN DATA PROTECTION BOARD HAS ADOPTED THE FOLLOWING STATEMENT The European Data Protection Board (EDPB) welcomes the European Commission’s second report on the application of the General Data Protection Regulation (GDPR) ( COM (2024) 357 final, “ the Report”) addressed to the European Parliament and to the Council. The EDPB is also pleased to concur with the Commission’s finding that, despite all of the challenges, the application of the GDPR has helped individuals to gain more control over their data, created a level playing field for businesses, provided a cornerst one for the EU’s digital transition and contributed to the emergence of high international standards in data protection. The EDPB particularly thanks the Commission for acknowledging its continuous work to ensure the consistent interpretation and effective application of the GDPR.

¶2

The EDPB takes this as an opportunity to confirm several of its ongoing initiatives and commitments which will help to address some of the Commission’s calls for action, and to share its observations on the question of the interplay between the GDPR and new EU digital legislation in particular. The EDPB recognises the importance of the Commission’s reporting work on the application of the GDPR, and would support a holistic method ological approach for the next evaluation of the GDPR that explores the interpl ay between the GDPR and other EU digital leg islation . The EDPB would like to re - emphasise its commitment to fostering cross - regulatory consistency and securing cooperation with other regulatory authorities, which is an integral part of the EDPB Strategy 2024 – 2027, particularly in Pillar

¶3

In that regard, the EDPB has identified the need to clarify the substantive and regulatory enforcement interplay between the application of the GDPR and other EU digital legislation , particularly the EU Artificial Intelligence Act or those derived from the EU Data Strategy and the Digital Services Package. The EDPB has already begun to work on this issue within the scope of its competences, including preparation of guidelines on the interplay between the GDPR and some of these new EU digital legislation (EDPB Strategy 2024 – 2027, pillar 3, key action 1). Where appropriate, the EDPB may decide to develop guidance together with the Commission (or other competent authorities), as is the case for the joint guidance on the interplay between the Digital Markets Act (DMA) and the GDPR. The EDPB welcomes the Commission’s invitation to establish cooperation with other sectoral regulators established under the new EU digital legislation . To that end, the EDPB will among others continue to actively participate in EU - level structures designed to facilitate this cross - regulatory cooperation, such as the DMA High Level Group and the European Data Innovation Board. In addition, as part of the implementation of Pillar 3 of its Strategy, the EDPB has decided to establish a subgroup on cross - regulatory interplay and cooperation. The EDPB also considers it crucial to establish enforcement cooperation mechanisms between regulators which should be subject of the future evaluation of the GDPR and the digital legislation as well. The EDPB acknowledges the Commission’s observation on the increased use of the cooperation and consistency mechanisms. It notes that the number of cross border cases continues to grow, with exchanges of information taking place at an early stage in this pr ocess. One of the EDPB’s key strategic objectives is to actively support the development of cooperation and enforcement tools, as well as the sharing of expertise and methodologies, between all of its members. Among other ways, it does this through initiat ives such as the Support Pool of Experts, the Coordinated Enforcement Framework and the EDPB secondment programme ( EDPB Strategy 2024 – 2027, Pillar 2, Key Action 1). Moreover, the EDPB has made it a priority to support the practical implementation of the EU Regulation laying down 3 additional procedural rules relating to the enforcement of the GDPR, including by the Data Protection Authorities at national level (EDPB Strategy 2024 – 2027, Pillar 2, Key Action 3), once it has been adopted. The EDPB also welcomes the Commission's announcement of its intention to contribute to the facilitation of international enforcement cooperation between supervisory authorities . This includes through seeking approval for the negotiation of cooperation and mutual assistance agreements with third countries, which complements the existing work of the EDPB and its members. The EDPB’s core task is to ensure the consistent application of the GDPR and one of the available means for doing so is to provide guidelines. The objective of providing concise and practical guidelines, as noted in the report, is reflected in the EDPB’s 2 024 – 2027 Strategy, which include a commitment to develop tools for a wider audience, and to produce content that is accessible to non - experts, SMEs and other relevant groups such as children. The EDPB will also strive to improve its internal processes and procedures for the drafting of new guidance. The EDPB reaffirms the high value that it places on both the transparency of its decision - making and the input provided by external stakeholders. The EDPB underlines that, in order to maintain a high level of protection of personal data and to properly deal with increasingly complex challenges and additional competences , there is a genuine need for the DPAs and EDPB to have additional financial and human resources, as also highlighted by the Fundamental Right Agency (FRA) Report 1 . The EDPB notes that the ne ed for such increased resources can be further demonstrated through a comprehensive analysis of resources available to supervisory authorities in light of both their additional competences under new digital legislation and inflation . Finally, the EDPB would like to seize the opportunity to call on the Commission to further assess the deficiencies described in the FRA report relating to the guarantees of independence affecting supervisory authorities in some Member States. For the European Data Protection Board The Chair Anu Talus 1 https://fra.europa.eu/en/publication/2024/gdpr - experiences - data - protection - authorities

Similar Content