Brussels, 26 January 2024
Ahead of Data Protection Day on 28 January, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued the following statement:
“This year the General Data Protection Regulation (GDPR) will celebrate its 6th anniversary as the EU flagship data protection law and a global benchmark for privacy regulation. It is delivering for citizens and businesses. Continuing to ensure its full implementation and robust enforcement remains our top priority. Therefore, last July we presented new rules to improve the cooperation of national data protection authorities in cross-border cases. This is relevant in particular to ensure compliance of the big tech multinationals. This year, we will issue the second report on the application of the GDPR.
In an interconnected digital world, protecting the rights of Europeans does not stop at the borders of the EU. This is why ensuring that protection travels with the data is a key objective of our mandate. Important developments have recently taken place in this area, such as the adoption of the EU-US Data Privacy Framework, strengthening of the 11 adequacy decisions, on which we issued a detailed report earlier this month, and progress made in negotiations with Brazil. We will further step up our engagement with international partners to develop this network even further.”
Background
In 2006, the Council of Europe launched a Data Protection Day to be celebrated each year on 28 January.
On 10 October 2022, the European Data Protection Board (EDPB) addressed a “wish-list” to the Commission, calling for harmonised procedural rules at EU level. In July 2023, the Commission adopted a proposal for a Regulation complementing the GDPR and laying down additional procedural rules relating to its enforcement, to improve the cooperation of national data protection authorities in cross-border cases. The Commission is actively supporting the Council and the European Parliament who are currently discussing the Commission’s proposal.
On 10 July 2023, the Commission adopted its adequacy decision on the EU-US Data Privacy Framework. On 15 January 2024, it adopted a report concluding that 11 adequacy decisions under the data protection legislation that preceded the GDPR.
In 2024, as required by the GDPR, the Commission will also issue its second report on the application of the GDPR. It will update the assessment presented in the 2020 report, taking account of developments since then.