![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
On February 7, the Commission of European Affairs of the National Assembly—House of the Parliament elected by the French people—has adopted a draft resolution in reaction to the proposal for European regulation on the protection of personal data. It welcomes the objectives of modernization, harmonization and simplification of the draft European regulation and the stress put on greater accountability of data controllers.
It acknowledges also a certain number of measures such as the right to be forgotten; the right to data portability; consent based on positive action as opposed to silence or inaction, and mandatory appointment of DPO in public sector and for companies above 250 employees.
However, the resolution points to provisions raising economical, political and legal concerns.
Some concerns are actually shared with the CNIL, the French Data Protection Authority—such resolution is in line with the concerns previously
by the CNIL—in particular regarding the competence given to the supervisory authority (DPA) of the country of the main establishment of the data controller in the EU. The Commission of European Affairs considers that DPAs must remain close to citizens, who must be provided with easy and rapid means to defend their rights in their own country. It supports the alternative that a member state’s DPA must be competent over any processing targeting specifically the population of that member state, wherever the data controller is established.
The process of cooperation between DPAs, as described in the draft European regulation, is not sufficient to provide effective and rapid solutions to data protection issues. For example, it is noted that in case of a security breach, impacting several member states but notified only to the DPA having jurisdiction, it is not required that such DPA informs the others. Concerns are also expressed with respect to sensitive data processing which would require a “strengthened” cooperation for a more rigorous control.
It is also noted that with the centralization of powers in the hands of the European Commission, exclusively competent for specifying the guidelines and implementation rules of the draft European regulation, the powers of the DPAs will be necessarily limited. According to the Commission of European Affairs, a better balance should be struck because of DPAs’ technical expertise on such matters.
The resolution is also in favor of stronger controls around international data transfers by preserving the possibility for DPAs to provide prior authorizations.
Members of Parliament finally wish for the adoption of international instruments for the protection of personal data beyond the geographic sphere of the European Union and call upon the French government to make sure that the future, European framework better protects French citizens.
Similar review work is now ongoing at the Senate, the other house of the French Parliament, where a resolution will be drafted and discussed on March 6.
