In January 2012, the European Commission presented a legislative package to update the core data protection principles enshrined in the 1995 Data Protection Directive (Directive 95/46/EC). The policy objectives of the European Commission set out an ambition to build a more cohesive EU data protection framework supported by stronger enforcement. Central to facilitating this were proposals for a General Data Protection Regulation (the Regulation) and a directive on protecting personal data.
On 7-8 October 2013, the Justice and Home Affairs Council (the Council) debated the European Commission's proposals. In a press release, the Council showed its support for a 'one-stop-shop' for data protection compliance, rather than the existing 28-member state compliance approach, as well as a consistency mechanism, both of which form the core pillars of the proposals.
The Council suggested that consistency in the application of EU data protection rules could be achieved by entrusting central power with the European Data Protection Board, which would take over from the existing Art. 29 Working Party, to ensure a harmonised approach to the Data Protection Framework.
The one-stop-shop principle would create consistency for international organisations to process personal data in multiple member states through the appointment of a single competent authority to monitor the data controller's activities across all member states. The relevant supervisory authority would be determined by the member state in which the data controller or processer has its main establishment. The supervisory authority would also be responsible for providing a single supervisory decision in the context of enforcement. However, Council debate reached an impasse when discussing how this decision should be reached. While some member states support further expert work toward a single...