Europaudvalget 2019-20
EUU Alm.del
Offentligt
2206845_0001.png
Ref. Ares(2020)2727698 - 26/05/2020
D I D I E R RE Y N D E R
MEMBER OF THE EUROPEAN COMMISSION
JUSTICE
Rue de la Loi, 200 B-1049 Brussels
Phone: +32-2 295 09 00
[email protected]
Brussels,
Ares S(2020)1659823
Dear Minister,
Thank you for your letter and your kind words on my appointment as Commissioner for Justice. I
also very much look forward to our close cooperation.
I fully share your view that the protection of the fundamental rights of citizens and in particular of
their right to the protection of personal data is indeed a cornerstone of the European approach to the
digital age.
As you mentioned in your letter, I will present the first report on the evaluation of the General Data
Protection Regulation (GDPR) after two years of experience of the application of the GDPR. I
appreciate that you share in your letter your views on some of the related issues.
As required by Article 97(4) of the GDPR, the up-coming report will take into account in particular
the positions and findings of the European Parliament, of the Council, and of other relevant bodies
or sources. Accordingly, the Commission consulted also the European Data Protection Board
(EDPB) and the national data protection supervisory authorities. Furthermore, the Commission will
take into account the contributions of the multi-stakeholder expert group, which is providing a
balanced representation of business and civil society organisations.
Hon. Minister Nick Hækkerup
Ministry of Justice
Slotsholmsgade 10
1216 Kopenhagen
Denmark
 EUU, Alm.del - 2019-20 - Endeligt svar på spørgsmål 217: Spm. om procesplan for en danske evaluering af persondataforordningen i relation til Kommissionens kommende evaluering i juni 2020, til justitsministeren, kopi til udenrigsministeren
In that report, the Commission will in particular examine the application of the cooperation and
consistency mechanisms. I share your view that these new mechanisms are of key importance for a
consistent application of the GDPR especially for monitoring and enforcing the application of the
GDPR towards big tech companies. In that respect, my services are currently assessing the input
received from the supervisory authorities and from the members of the multi-stakeholder group.
This input encompasses, amongst others, responses on whether the supervisory authorities
encounter any problems/obstacles in the context of the one-stop-shop mechanism as well as on the
use of their enforcement powers, including administrative fines. The members of the multi-
stakeholder group were asked on their experience with the supervisory authorities, the one-stop-
shop mechanism and the consistency mechanism as well as the application on the GDPR in relation
to new technologies.
I take also note of the importance of the margin left by the GDPR for national legislators, that you
stress in your letter and which is also addressed in the position of the Council of 15 January 2020.
This margin for national legislators is framed by the requirements of the Charter, the need to ensure
the free flow of personal data within the EU and the conditions of the GDPR for related national
legislation specifying the application of certain of its rules in relation to a legal obligation or public
task. This is relevant also for video surveillance and the use of facial recognition technology under
the conditions of the Regulation in particular for the processing of special categories of personal
data.
I am also aware that businesses, voluntary associations and small entities need specific guidance to
comply with the GDPR, in particular where they have not been made aware of the previous data
protection rules in place before the GDPR based on the Data Protection Directive 95/46, on which it
largely builds. In that respect I note from the information provided by the supervisory authorities,
that in most Member States, including in Denmark, provided guidance by publication, online-tools,
checklists and participated in conferences and events addressed specifically to SMEs.
In any case, the application of the GDPR requires constant monitoring in the years to come, in
particular in view of emerging new technologies. The up-coming report starts the reporting process
on the application of the GDPR and will be followed by further reports every four years on the basis
of further experience.
Yours sincerely,
(e-signed)
Didier Reynders
 EUU, Alm.del - 2019-20 - Endeligt svar på spørgsmål 217: Spm. om procesplan for en danske evaluering af persondataforordningen i relation til Kommissionens kommende evaluering i juni 2020, til justitsministeren, kopi til udenrigsministeren
2206845_0003.png
Electronically signed on 20/05/2020 15:06 (UTC+02) in accordance with article 4.2 (Validity of electronic documents) of Commission Decision 2004/563