30 November 2024

EU Privacy Coherence

'The European Data Protection Board - a (non)consensual and (un)accountable role?' by Lisette Mustert and Cristiana Santos comments 

The European Data Protection Board (EDPB) aims to ensure consistent enforcement of data protection laws across the EU through the adoption of guidelines and opinions. However, two challenges have been identified. First, the EDPB's proactive engagement in issuing guidance is sometimes inconsistent, which can lead to discrepancies in the application of data protection laws across the EU, particularly as national Data Protection Authorities (DPAs) issue their own guidelines, creating a fragmented landscape. Second, uncertainty remains regarding the consistency of the EDPB's guidance due to its non-binding nature, which leads to varying interpretations of the GDPR. These challenges raise concerns about the EDPB's ability to ensure compliance with its mandate. This paper examines whether the EDPB is sufficiently independent when drafting guidance and whether it can be held accountable through political, legal, administrative, or social oversight. This paper argues that while the EDPB should maintain complete independence to fully utilize its technical expertise, it should still be subject to ex post accountability mechanisms. However, certain forms of accountability, particularly ongoing control or sanctions, pose a risk to the Board's independence. A comparative analysis highlights both horizontal and vertical misalignments between EDPB and national guidelines, suggesting that the EDPB's role in providing cohesive guidance could be strengthened.