NGOs fear potential deprivation of complainants’ rights in EU cross-border privacy cases

Civil society organizations in Europe are rallying together to protect the rights of complainants involved in cross-border data privacy violation cases. There are concerns that upcoming the EU legislation may potentially eliminate the ability of complainants to be fully involved in such cases. The European Commission is currently developing a draft law aimed at standardizing administrative procedures for cross-border cases pertaining to potential violations of the General Data Protection Regulation (GDPR) within the EU. 24 non-governmental organizations, including Access Now, Article 19, the European Consumer Organisation, and the non-profit organization on European digital rights NOYB, coordinated by the Irish Council of Civil Liberties (ICCL), submitted a legal opinion to the EU executive regarding the status of complainants.

Given that the European Commission planned to release its plan for implementation at the beginning of July, Andrea Jelinek, the former president of the European Data Protection Board, submitted an official letter to the Commission in October 2022, requesting that the GDPR be implemented as soon as possible. Jelinek emphasized differences in how complaints are handled across the EU, which has resulted in public disagreements and litigation between complainants and privacy regulators. The most notable event occurred when the Irish Data Protection Commissioner ordered the NOYB to remove the authorities’ draft ruling in an Austrian NGO case. This dispute arose due to a disagreement over legal requirements. The Irish regulator asked NOYB to agree to a non-disclosure agreement, but Austrian administrative law does not impose such restrictions on complainants who wish to use the documents.