The OSS principle aims to create consistency for international organisations to process personal data in multiple member states through the appointment of a single competent authority to monitor the data-controller’s activities across all EU Member States. In November, the Presidency of the EU Council of Ministers announced its latest plans to remodel the OSS mechanism in its updates to the draft General Data Protection Regulation.
These amendments seek to address some of the concerns with the OSS principle which we reported on in March. Rather than the OSS being automatic, the proposals adopt an elective system whereby a business must apply for a lead regulatory authority. The proposal also addresses the need for an effective uniform decision-making process in conjunction with an effective redress based on geographic proximity for citizens.
The Presidency also proposed a process to ensure a uniform decision-making by entrusting the European Data Protection Board with binding powers, albeit in limited cases, so long as decisions are made by a two-thirds majority.
In addressing proximity, the Presidency’s proposal attempts to address concerns raised by Data Protection Authorities (DPAs), by creating a cooperation mechanism for multi-jurisdictional matters involving several Member States’ DPAs. These proposed joint decisions seek to ensure that all interests are taken into account.
The Proposal suggests a more flexible and balanced methodology to OSS under the Regulation, balancing the interests of both EU citizens and of businesses operating among several EU Member States.