BRUSSELS – In comments on the General Data Protection Regulation’s (GDPR) two-year review, global tech trade association ITI highlighted the harmonizing effects the landmark regime has had on privacy legislation worldwide but underscored remaining enforcement challenges. To help address these challenges and carry out this important work, ITI urged increased funding for the national Data Protection Authorities (DPAs) in the EU Member States. ITI’s submission to the European Commission’s Directorate-General Justice was also shared with EU Commissioners Jourová and Reynders and Executive Vice President Vestager.
“We recognize the GDPR as a fundamental milestone in privacy legislation that has inspired regulators globally,” said Jason Oxman, ITI’s President and CEO. “Still, more needs to be done to ensure its harmonized application. This includes ensuring adequate funding for national data protection officers, developing further guidance, and implementing tools such as certification that enable international data transfers. Data protection remains a priority for the tech industry, particularly given the current crisis and the different ways tech companies are stepping up to help governments, including by leveraging data to mitigate the spread of the coronavirus. We hope our feedback can facilitate a constructive exchange and provide relevant insights for the European Commission’s critical work. ITI and our members are committed to serving as a resource for policymakers, and we look forward to working together to advance the GDPR’s important objectives.”
ITI also called for maintaining the One-Stop-Shop (OSS) mechanism, in which national DPAs lead cross-border investigations, as a core mechanism under the GDPR. In addition, ITI welcomed the European Commission’s work on enhancing international data transfers through tools such as adequacy decisions, Binding Corporate Rules (BCRs), Standard Contract Clauses (SCCs), and Codes of Conduct, noting that promoting global legal frameworks will enable international data transfers, enhance efficiency, and ensure compliance with the GDPR, all while promoting user trust in new technologies.