Skip to main content
SpringerLink
Log in
Book cover

The European Union as Guardian of Internet Privacy pp 389–448Cite as

Understanding the Role of Cooperation Mechanisms of DPAs: Towards a Layered Model of Horizontal Cooperation Between DPAs, a Structured Network of DPAs and a European DPA

  • Chapter
  • First Online:

  • 1637 Accesses

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 31))

Abstract

This chapter analyses the cooperation between the independent data protection authorities (“DPAs”) in ensuring the control over privacy and data protection on the internet. Whereas control by DPAs is an essential element of data protection, cooperation between DPAs is an essential element of the control.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    See on this, Special issue: The Constitutional Adulthood of Multi-Level Governance, Maastricht Journal of European and Comparative Law 2014, Volume 21, nr 2.

  2. 2.

    Recital 65 and Articles 29 and Article 30 (1) (a) of Directive 95/46.

  3. 3.

    As explained in Chap. 4. Even the domain of shared competence, as specified in Article 2 (2) TFEU essentially means a procedure for the division of competences.

  4. 4.

    Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005, at 821, as will be explained in Sect. 8.7 below.

  5. 5.

    Comparable to regulatory agencies as described by David Coen and Mark Thatcher, Network Governance and Multi-level Delegation: European Networks of Regulatory Agencies, Journal of Public Policy, Vol. 28, Issue 01, April 2008, pp 49–71.

  6. 6.

    Recital 64 of Directive 95/46.

  7. 7.

    See on this, E. Chiti, An important part of the EU’s institutional machinery: Features, problems and perspectives of European agencies, CMLR, 46, pp. 1395–1442, 2009, at 1412.

  8. 8.

    Herwig C.H. Hofmann, Herwig & Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014.

  9. 9.

    Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014.

  10. 10.

    As explained in Chap. 3.

  11. 11.

    Article 28(6) of Directive 95/46.

  12. 12.

    See example in Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century, COM (2012), 9 final, at 7.

  13. 13.

    As explained in Chap. 7, Sect. 7.8.

  14. 14.

    Case C-518/07, Commission v Germany, EU:C:2010:125, at 41–46.

  15. 15.

    Term used by Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014.

  16. 16.

    Term used by Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005.

  17. 17.

    In the words of Lind and Reichel, they are cut loose from their foundation in the national and the European legal order, Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014, at 53–54.

  18. 18.

    Her research focused on the Italian DPA (“Garante”) and the judicial review in Italy. Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005, e.g. at 852.

  19. 19.

    See Sect. 8.12.

  20. 20.

    Council of the European Union, various Council documents on Council Public Register, re Interinstitutional file 2012/0011 (COD), e.g. 18031/13 (19 Dec 2013, full version on lobbyplag.eu) and 14788/1/14 (13-11-2014).

  21. 21.

    Council of the European Union, various Council documents on Council Public Register, re Interinstitutional file 2012/0011 (COD), e.g. 18031/13 (19 Dec 2013, full version on lobbyplag.eu).

  22. 22.

    Council of the European Union, various Council documents on Council Public Register, re Interinstitutional file 2012/0011 (COD), e.g. 18031/13 (19 Dec 2013, full version on lobbyplag.eu).

  23. 23.

    See Chap. 7, Sects. 7.1 and 7.2.

  24. 24.

    See on this: Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 7-045, and the contribution of Dougan in Paul Craig and Grainne de Burca (eds), The evolution of EU Law (Second Edition), Oxford University Press, 2011, at 408–411.

  25. 25.

    Dougan in Paul Craig and Grainne de Burca (eds) The evolution of EU Law (Second Edition), Oxford University Press, 2011, at 409.

  26. 26.

    Case 33/76, Rewe-Zentralfinanz, EU:C:1976:188

  27. 27.

    Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 7-045

  28. 28.

    Article 28(6) of Directive 95/46.

  29. 29.

    Recital (64) of Directive 95/46.

  30. 30.

    Article 29 Data Protection Working Party, Advice paper on the practical implementation of the Article 28(6) of the Directive 95/46/EC, 20 April 2011, at 1.

  31. 31.

    Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ETS No. 108.

  32. 32.

    Chapter IV of the Convention, as described by Dariusz Kloza and Anna Moscibroda, Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 121–122.

  33. 33.

    Article 14 of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ETS No. 108

  34. 34.

    Article 1 (5) of Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows.

  35. 35.

    Explanatory Report on Article 1 (5) of the Additional Protocol.

  36. 36.

    Chapter VII, Section 1, GDPR.

  37. 37.

    Chapter VII, Section 2, GDPR.

  38. 38.

    This distinction is largely in line with Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules Book V – Mutual Assistance, (at 205). However, this chapter does not include “service of documents” which does not seem relevant for data protection, whereas it does include the joint investigations, which are not part of the ReNEUAL Model Rules.

  39. 39.

    Herwig C.H. Hofmann, Herwig & Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014, at 148.

  40. 40.

    Herwig C.H. Hofmann, Herwig & Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014, at 148.

  41. 41.

    Case C-503/03, Commission v Spain, EU:C:2006:74.

  42. 42.

    Case C-503/03, Commission v Spain, EU:C:2006:74, at 56.

  43. 43.

    See, e.g., Articles 60-61 GDPR.

  44. 44.

    Article 29 Data Protection Working Party, Advice paper on the practical implementation of the Article 28(6) of the Directive 95/46/EC, 20 April 2011, at Addenda.

  45. 45.

    Dariusz Kloza and Anna Moscibroda, Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 125–127.

  46. 46.

    Article 4(3) TEU.

  47. 47.

    Article 29 Data Protection Working Party, Advice paper on the practical implementation of the Article 28(6) of the Directive 95/46/EC, 20 April 2011, at 1.

  48. 48.

    This follows from Article 29(2) and (3) of Directive 95/46.

  49. 49.

    As mentioned in relation to regulatory agencies by David Coen and Mark Thatcher, Network Governance and Multi-level Delegation: European Networks of Regulatory Agencies, Journal of Public Policy, Vol. 28, Issue 01, April 2008, pp 49–71, at 52.

  50. 50.

    Recital 65 and Article 30 (1) (a) of Directive 95/46, as explained in Section 3.

  51. 51.

    Article 28(1) of Directive 95/46.

  52. 52.

    Paul Craig and Grainne de Búrca, EU Law, Text, Cases and Material (Fifth Edition), Oxford University Press, 2011, at 40. See also Chap. 6, Sect. 6.3.

  53. 53.

    As was explained above in Chap. 7, Sect. 7.11.

  54. 54.

    András Jóri, Shaping vs applying data protection law: two core functions of data protection authorities, International Data Privacy Law, Vol. 5, No. 2, 2015.

  55. 55.

    Recital 65 and Article 30 (1) (a) of Directive 95/46.

  56. 56.

    Terminology taken from E. Chiti, An important part of the EU’s institutional machinery: Features, problems and perspectives of European agencies, CMLR, 46, pp. 1395–1442, 2009, at 1409.

  57. 57.

    Article 29 Working Party, Guidelines on the implementation of the Court of Justice of the European Union judgment on “Google Spain and inc v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González” – WP 225.

  58. 58.

    Letter from the Article 29 Working Party to Google on the right to be delisted, 6 January 2015. Similar letters were sent to other providers of search engines. See also the Press Release of 18 June 2015 of the Article 29 Data Protection Working Party on Delisting, explaining the functioning of the guidelines.

  59. 59.

    As referred to in the previous section and explained by Dariusz Kloza and Anna Moscibroda, Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 125–127.

  60. 60.

    Chapter VII, Section 2, GDPR.

  61. 61.

    Article 34 of Council Decision of 6 April 2009 establishing the European Police Office (Europol) (2009/371/JHA), OJ L 121/37. The Council Decision is currently under revision, also in relation to the supervisory structure.

  62. 62.

    Article 23 of Council Decision of 28 February 2002 setting up Eurojust with a view to reinforcing the fight against serious crime (2002/187/JHA), OJ L 63/1, as amended by Decision 2009/426/JHA (OJ L 138/14). The Council Decision is currently under revision, also in relation to the supervisory structure.

  63. 63.

    To be complete, a Joint Supervisory Authority also exists for a part of the Customs Information System. Since data protection supervision of the Customs Information System has a complicate structure (resulting from the former pillar structure of the EU Treaties) and has limited practical relevance, it is only mentioned in footnotes.

  64. 64.

    Diana Alonso Blas, Ensuring effective data protection in the field of police and judicial activities: some considerations to achieve security, justice and freedom, ERA Forum, 11, 233–250, 2010.

  65. 65.

    In Cases C-518/07, Commission v Germany, EU:C:2010:125, C-614/10, Commission v Austria, EU:C:2012:631, and C-288/12, Commission v Hungary, EU:C:2014:237.

  66. 66.

    Letter of the European Data Protection Supervisor of 13 November 2013 to Mr Juan Fernando López Aguilar, Chair of the LIBE-Committee of the European Parliament concerning the data protection supervision on Europol. Also: European Parliament, Directorate-General for Internal Policies, Policy Department C, Citizens’ Rights and Constitutional Affairs, The data protection regime applying to the inter-agency cooperation and future architecture of the EU criminal justice and law enforcement area, February 2015.

  67. 67.

    Further read: Franziska Boehm, Information Sharing and Data Protection in the Area of Freedom, Security and Justice, Towards Harmonised Data Protection Principles for Information Exchange at EU-level, Springer, 2012.

  68. 68.

    To be complete, this mechanism also exists for a part of the Customs Information System (the part not covered by the Joint Supervisory Authority).

  69. 69.

    Article 46 of Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II), OJ L 381/4 and Article 62 of Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II), OJ L 205/63.

  70. 70.

    Article 43 of Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation), OJ L 218/60.

  71. 71.

    Article 32 of Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (recast), OJ L 180/1.

  72. 72.

    Article 21 of Regulation (EU) No 1024/2012 of the European Parliament and of the Council of 25 October 2012 on administrative cooperation through the Internal Market Information System and repealing Commission Decision 2008/49/EC (‘the IMI Regulation’), OJ L 316, 14.11.2012, p. 1.

  73. 73.

    As specified in the legal bases quoted in the previous footnotes.

  74. 74.

    See on the non-hierarchical cooperation Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014, at 47 and discussed below in Sect. 8.9.

  75. 75.

    Article 42(1) of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8/1.

  76. 76.

    Article 46(f)(i) of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8/1.

  77. 77.

    Article 46(g) of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8/1

  78. 78.

    Article 45(2) of Decision of the European Data Protection Supervisor of 17 December 2012 on the adoption of Rules of Procedure, 2013/504/EU, OJ L 273/41.

  79. 79.

    Recital (98) of Commission Proposal for a GDPR, COM (2012), 11 final.

  80. 80.

    Recital (97) of the proposal.

  81. 81.

    Amendment 158 introducing a new Article54a, Amendment 67 amending recital (97), European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)).

  82. 82.

    Articles 51a and 54a and recitals 97, 97a, 97b and 97c of Council general approach (Council document 9565/15 of 11 June 2015).

  83. 83.

    E.g., European Data Protection Supervisor, Opinion of 7 March 2012 on the data protection reform package, at 237.

  84. 84.

    See mainly Articles 60 and 65 GDPR. The final decision of the lead DPA may result from dispoute resolution by the EDPB, in case a DPA raised a relevant and reasoned objection.

  85. 85.

    Some cases of enforcement cooperation – e.g. in relation to Google and WhatsApp – are explained in David Barnard-Wills & David Wright, Deliverable 1 – “Co-ordination and co-operation between Data Protection Authorities”, www.phaedra-project.eu.

  86. 86.

    Recommendation No. 04/215 of the Belgian Privacycommission of 13 May 2015, http://www.privacycommission.be/sites/privacycommission/files/documents/recommendation_04_2015_0.pdf.

  87. 87.

    Recommendation No. 04/215 of the Belgian Privacycommission of 13 May 2015, p.26.

  88. 88.

    Further read: David Barnard-Wills & David Wright, Deliverable 1 – “Co-ordination and co-operation between Data Protection Authorities”, www.phaedra-project.eu, at 39–44.

  89. 89.

    See Annual Report of the Data Protection Commissioner of Ireland 2014 published on its website.

  90. 90.

    Recommendation No. 04/215 of the Belgian Privacycommission of 13 May 2015, http://www.privacycommission.be/sites/privacycommission/files/documents/recommendation_04_2015_0.pdf, at 4.

  91. 91.

    Article 56(6) GDPR.

  92. 92.

    Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century, COM (2012) 9 final, at 7–8.

  93. 93.

    See on this Sect. 8.2 above, with reference to E. Chiti, An important part of the EU’s institutional machinery: Features, problems and perspectives of European agencies, CMLR, 46, pp. 1395–1442, 2009, at 1412.

  94. 94.

    Article 58 of the Commission Proposal for a GDPR, COM (2012), 11 final, only mentioning opinions.

  95. 95.

    Amendment 167 introducing a new Article58a (7), European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)).

  96. 96.

    Article 58a of Council general approach (Council document 9565/15 of 11 June 2015).

  97. 97.

    Article 64 (2) GDPR.

  98. 98.

    Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century, COM (2012), 9 final, at 2, 7–9.

  99. 99.

    See in particular the procedure foreseen in Article 58(3) of the Commission proposal.

  100. 100.

    See in particular the procedure foreseen in Article 58(4) of the Commission proposal.

  101. 101.

    This was also a reason for the Commission itself to claim a role in this procedure.

  102. 102.

    Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals – WP 191 (23.03.2012), at 20.

  103. 103.

    Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals – WP 191 (23.03.2012), at 20.

  104. 104.

    In the same sense, European Data Protection Supervisor, Opinion of 7 March 2012 on the data protection reform package, at 248–255.

  105. 105.

    In the same sense, European Data Protection Supervisor, Opinion of 7 March 2012 on the data protection reform package, at 245.

  106. 106.

    Amendment 167, introducing a new Article 58a, European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)).

  107. 107.

    See also Article 57 (3) (a) and (b) of Council general approach (Council document 9565/15 of 11 June 2015).

  108. 108.

    Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century, COM (2012), 9 final, at 7.

  109. 109.

    Mark Bell in Paul Craig and Grainne de Búrca (eds), The evolution of EU Law (Second Edition), Oxford University Press, 2011, Chapter 20.

  110. 110.

    Mark Bell in Paul Craig and Grainne de Búrca (eds), The evolution of EU Law (Second Edition), Oxford University Press, 2011, Chapter 20, at 637.

  111. 111.

    Because of the prohibition of discrimination on grounds of nationality in Article 18 TFEU and in Article 21(2) Charter.

  112. 112.

    Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 17-005.

  113. 113.

    On subsidiarity, see Chap. 4, Sect. 4.4.

  114. 114.

    See Chap. 7, Sect. 7.11.

  115. 115.

    See also Sects. 8.3 and 8.5.

  116. 116.

    David Coen and Mark Thatcher, Network Governance and Multi-level Delegation: European Networks of Regulatory Agencies, Journal of Public Policy, Vol. 28, Issue 01, pp 49–71, April 2008.

  117. 117.

    Commission Proposal for a GDPR, COM (2012), 11 final, at Chapter VII.

  118. 118.

    Articles 7(2) and 8 (3) (d) of Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive), OJ L 108, 24.4.2002, as amended by Directive 2009/140.

  119. 119.

    To be complete, flexibility is only needed “in certain areas”. Zinzani explains that this recital reflects the conflicting views in the negotiations process, Marco Zinzani in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, Ch 7.

  120. 120.

    Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive), OJ L 108, 24.4.2002.

  121. 121.

    Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorisation of electronic communications networks and services, OJ L 337, 18.12.2009, p. 37.

  122. 122.

    Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  123. 123.

    Further read on BEREC: Marco Zinzani, in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, Ch7.

  124. 124.

    Article 4 of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  125. 125.

    Recital (6) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  126. 126.

    Article 6 of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  127. 127.

    Marco Zinzani, in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, at 154.

  128. 128.

    Further read: J.W. Goodman, Telecommunications Policy-Making in the European Union, 2006.

  129. 129.

    David Coen and Mark Thatcher, Network Governance and Multi-level Delegation: European Networks of Regulatory Agencies, Journal of Public Policy, Vol. 28, Issue 01, pp 49–71, April 2008, at 59–61.

  130. 130.

    See David Coen and Mark Thatcher, Network Governance and Multi-level Delegation: European Networks of Regulatory Agencies, Journal of Public Policy, Vol. 28, Issue 01, pp 49–71, April 2008, at 55–56. One factor they mention, the risk of the treaties unravelling, is not discussed in main text because it is not relevant here.

  131. 131.

    Coen and Thatcher mention universal service and national champions.

  132. 132.

    Mark Thatcher, The creation of European regulatory agencies and its limits: a comparative analysis of European delegation, Journal of European Public Policy, 18, 790–809, 6 September 2011, at 802–803.

  133. 133.

    Mark Thatcher, The creation of European regulatory agencies and its limits: a comparative analysis of European delegation, Journal of European Public Policy, 18, 790–809, 2011, at 802–803.

  134. 134.

    An example is the limitation of the role of the EDPS, which was proposed by the Council, leading to a text in the General Approach where the EDPS was deprived of its voting rights in the EDPB and also the influence of the EDPS on the secretariat was restricted. See Articles 64 (4) and 71 of Council general approach (Council document 9565/15 of 11 June 2015). The Article 29 Working Party, composed of mostly national DPAs did not side with the EDPS in this debate.

  135. 135.

    See on this framework also Chap. 6, Sect. 6.10 of this book.

  136. 136.

    Recitals (8) and (9) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  137. 137.

    Article 3(1) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  138. 138.

    Article 3(3) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  139. 139.

    Articles 7 and 7a of Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive), OJ L 108, 24.4.2002, as amended by Directive 2009/140.

  140. 140.

    Study on the Evaluation of BEREC and the BEREC Office, carried out for the European Commission by PricewaterhouseCoopers, 2012, at 118–135.

  141. 141.

    Study on the Evaluation of BEREC and the BEREC Office, carried out for the European Commission by PricewaterhouseCoopers, 2012, at 7.

  142. 142.

    See mainly Articles 58(8) and 59(2) of the Commission Proposal for a GDPR, COM (2012), 11 final.

  143. 143.

    Article 59(2) of the Proposal.

  144. 144.

    Article 59 is deleted by the European Parliament and the Council. See: European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)); Council general approach (Council document 9565/15 of 11 June 2015).

  145. 145.

    Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty, OJ L 1/1.

  146. 146.

    The European Competition Network is not mentioned in Regulation 1/2003 itself, but established on the basis thereof, A. Ottow, Market & Competition Authorities, Good Agency Principles, Oxford University Press, 2015, at 36–38.

  147. 147.

    Dariusz Kloza and Anna Moscibroda, Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 135–137.

  148. 148.

    Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014, at 47.

  149. 149.

    Herwig C.H. Hofmann, Herwig & Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014, at 147.

  150. 150.

    Further read: Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014.

  151. 151.

    Taken from Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules /Book I – General Provisions, online version 2014, p29.

  152. 152.

    Herwig C.H. Hofmann, Herwig and Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014, at 148.

  153. 153.

    Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005, at 821. Her statement discusses what she calls a “mixed administration” or “mixed procedure”, based on the example of comitology, but also relevant here.

  154. 154.

    Contribution of Harlow in Paul Craig and Grainne de Búrca (eds), The evolution of EU Law (Second Edition), Oxford University Press, 2011, Chapter 15, in particular at 443, with reference to Chiti and Cassese.

  155. 155.

    Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 7-045.

  156. 156.

    Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on Article 41.

  157. 157.

    Paul Craig in “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1069–1098.

  158. 158.

    Paul Craig in “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1069–1098, at 1070.

  159. 159.

    Case C-277/11, M.M., EU:C:2012:744, at 84.

  160. 160.

    Herwig C.H. Hofmann, Herwig and Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014, at 150 and the case law mentioned in footnote 17 thereof, in particular Case T-211/02, Tideland Signal v Commission, EU:T:2002:232, at 37. See on the duty of care also Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 7-045.

  161. 161.

    Paul Craig in “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1069–1098, at 1078.

  162. 162.

    Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1, pp. 44–57, 2014, at 47.

  163. 163.

    As explained by Mitsilegas in relation to criminal law cooperation, Valsamis Mitsilegas, The constitutional implications of mutual recognition in criminal matters in the EU, CMLR, 43, pp. 1277–1311, 2006, at 1281.

  164. 164.

    Valsamis Mitsilegas, The constitutional implications of mutual recognition in criminal matters in the EU, CMLR 43 (2006), pp. 1277–1311, at 1281.

  165. 165.

    Under Joined cases C-411/10 and C-493/10, N.S., and M.E. and Others, EU:C:2011:865.

  166. 166.

    Under Case C-503/03, Commission v Spain, EU:C:2006:74.

  167. 167.

    Paul Craig and Grainne de Búrca, EU Law, Text, Cases and Material (Fifth Edition), Oxford University Press, 2011, at 684–687.

  168. 168.

    Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 7-045.

  169. 169.

    Further read: Valsamis Mitsilegas, The constitutional implications of mutual recognition in criminal matters in the EU, CMLR, 43, pp. 1277–1311, 2006.

  170. 170.

    David Barnard-Wills and David Wright, Deliverable 1 – “Co-ordination and co-operation between Data Protection Authorities”, www.phaedra-project.eu, at 87.

  171. 171.

    As explained in case note Maarten den Heijer, “Joined Cases C-411 and 493/10, N.S. v. Secretary of State for the Home Department and M.E. and Others v. Refugee Applications Commissioner, Minister for Justice, Equality and Law Reform, Judgment of the Court (Grand Chamber) of 21 December 2011”, CMLR, 49, pp. 1735–1753, 2012, at 1746.

  172. 172.

    Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005, at 809.

  173. 173.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules, p.10.

  174. 174.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules /Book I – General Provisions, online version 2014, p4.

  175. 175.

    Contribution of Harlow in Paul Craig and Grainne de Burca (eds), The evolution of EU Law (Second Edition), Oxford University Press, 2011, Chapter 15, at 464.

  176. 176.

    W. Vandenbruwaene, Multi-Level Governance through a Constitutional Prism, Maastricht Journal of European and Comparative Law, Volume 21, nr 2, at 229–242, 2014, at 241.

  177. 177.

    Herwig C.H. Hofmann, Herwig & Morgane Tidghi, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164, 2014, at 150–152.

  178. 178.

    Case C-503/03, Commission v Spain, EU:C:2006:74, at 52–55.

  179. 179.

    Case C-269/90, Technische Universität München, EU:C:1991:438, at 13–14. This case is also relevant in relation to the duty of care.

  180. 180.

    This is closely related to the principle of care or diligent or impartial administration, referred to by Craig.

  181. 181.

    D.-U. Galetta, H.C.H. Hofmann & J.-P. Schneider, Information, Exchange in the European Administrative Union: An Introduction, European Public Law, 20, no.1, pp. 65–69, 2014.

  182. 182.

    Lottini, Micaela, “An Instrument of Intensified Informal Mutual Assistance: The Internal Market Information System (IMI) and the Protection of Personal Data”, European Public Law, 20, No.1, 107–126, 2014.

  183. 183.

    See the documents published by Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure:

  184. 184.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules, p.8.

  185. 185.

    European Parliament resolution of 15 January 2013 with recommendations to the Commission on a Law of Administrative Procedure of the European Union (2012/2024(INL)).

  186. 186.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules /Book I – General Provisions, online version 2014; Book V – Mutual Assistance; Book VI- Administrative Information Management.

  187. 187.

    Article 65 (1)(b) GDPR.

  188. 188.

    See Sect. 8.6 above, referring to Dariusz Kloza and Anna Moscibroda, Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 135–137.

  189. 189.

    Referring to Contribution of Harlow in Paul Craig and Grainne de Búrca, The evolution of EU Law (eds) (Second Edition), Oxford University Press, 2011, Chapter 15, in particular at 443, with reference to Chiti and Cassese.

  190. 190.

    Article 5(3) TEU.

  191. 191.

    David Barnard-Wills & David Wright, Deliverable 1 – “Co-ordination and co-operation between Data Protection Authorities”, www.phaedra-project.eu, at 7.

  192. 192.

    As explained above in Sect. 8.7.

  193. 193.

    Case C-230/14, Weltimmo, ECLI:EU:C:2015:639.

  194. 194.

    Article 16 (2) TFEU and Article 8 (3) Charter.

  195. 195.

    Article 56 GDPR.

  196. 196.

    Council document 18031/13, 19 Dec 2013, full version on http://lobbyplag.eu/governments/assets/pdf/CD-18031_13.pdf, at 14.

  197. 197.

    Raynal in Carine Dartiguepeyrou (ed.), The Futures of Privacy, Cahier de prospective, Think Tank Futur Numérique, at 72.

  198. 198.

    Rethinking the one-stop-shop mechanism: Legal certainty and legitimate expectation, Paolo Balboni, Enrico Pelino, Lucio Scudiero, Computer law & security review, 30, 392–402, 2014.

  199. 199.

    Antonella Galetta, Paul De Hert, The Proceduralisation of Data Protection Remedies under EU Data Protection Law: Towards a More Effective and Data Subject-oriented Remedial System?, Review of European Administrative Law (REALaw), 2015/1, pp 123–149, at 142. See on forum shopping also Sects. 3 and 5.

  200. 200.

    In line with Dariusz Kloza and Anna Moscibroda, Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 135–137. See Sect. 8.6 above.

  201. 201.

    See on this, E. Chiti, An important part of the EU’s institutional machinery: Features, problems and perspectives of European agencies, CMLR, 46, pp. 1395–1442, 2009, at 1412.

  202. 202.

    As discussed in Sect. 8.7 above.

  203. 203.

    Case C-277/11, M.M., EU:C:2012:744, at 84.

  204. 204.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules /Book I – General Provisions, online version 2014; Book V – Mutual Assistance; Book VI- Administrative Information Management.

  205. 205.

    See Chap. 7, Sects. 7.13 and 7.14.

  206. 206.

    As described by David Barnard-Wills & David Wright, Deliverable 1 – “Co-ordination and co-operation between Data Protection Authorities”, www.phaedra-project.eu, at 25–34.

  207. 207.

    See Sect. 8.4 above.

  208. 208.

    David Coen and Mark Thatcher, Network Governance and Multi-level Delegation: European Networks of Regulatory Agencies, Journal of Public Policy, Vol. 28, Issue 01, pp 49–71, April 2008, at 49–50.

  209. 209.

    Coen and Thatcher call this “upwards” and “downwards” delegation.

  210. 210.

    See Chap. 7, Sect. 7.3.

  211. 211.

    See Sect. 8.4 above.

  212. 212.

    Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005, at 810 and 839–844.

  213. 213.

    Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, Michigan Journal of International Law, 2005, Vol. 26, pp. 807–868, at 844.

  214. 214.

    See Sect. 8.5 above.

  215. 215.

    See Chap. 7, Sect. 7.6 of this book.

  216. 216.

    Mark Thatcher, The creation of European regulatory agencies and its limits: a comparative analysis of European delegation, Journal of European Public Policy, 18, 790–809, 2011, at 798.

  217. 217.

    Article 4(1) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  218. 218.

    Article 7(1) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1

  219. 219.

    List of members available on http://ec.europa.eu/justice/data-protection/article-29/structure/members/index_en.htm

  220. 220.

    Lavrijssen, Saskia & Ottow, Annetje. “Independent Supervisory Authorities: A Fragile Concept”, Legal Issues of Economic Integration, 39, No. 4, 419–446, 2012, at 431.

  221. 221.

    Mark Thatcher, The creation of European regulatory agencies and its limits: a comparative analysis of European delegation, Journal of European Public Policy, 18, 790–809, 2011, at 798.

  222. 222.

    Article 4(9) of Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L (2009), 337/1.

  223. 223.

    Article 12 of the Rules of Procedure of the Working Party, 15 February 2010, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/rules-art-29_en.pdf

  224. 224.

    Article 58(7) of Commission Proposal for a GDPR, COM (2012), 11 final, mentions a simple majority of the members of the EDPB.

  225. 225.

    Article 58a (7) of European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)). Article 58a(2) of Council general approach (Council document 9565/15 of 11 June 2015). In the final text of the GDPR simple majority remains the rule. See however Article 65 (2) thereof.

  226. 226.

    Article 60 (1) GDPR.

  227. 227.

    E.g., Article 64 (7) GDPR.

  228. 228.

    As explained by Curtin in relation to expert committees in the EU in general, “Challenging executive dominance in European democracy” in: C. Joerges and C. Glinski (eds.), The European Crisis and the Transformation of Transnational Governance: Authoritarian Managerialism versus Democratic Governance, Hart Publishing, 2014, 203–226, at the section on “Challenging low-level secrecy.”

  229. 229.

    Deirdre Curtin “Challenging executive dominance in European democracy” in: C. Joerges and C. Glinski (eds.), The European Crisis and the Transformation of Transnational Governance: Authoritarian Managerialism versus Democratic Governance, Hart Publishing, 2014, 203–226, at the section on “Fragmented EU governments.

  230. 230.

    Deirdre Curtin “Challenging executive dominance in European democracy” in: C. Joerges and C. Glinski (eds.), The European Crisis and the Transformation of Transnational Governance: Authoritarian Managerialism versus Democratic Governance, Hart Publishing, 2014, 203–226, at the section on “Challenging low-level secrecy.”

  231. 231.

    Under Article 17 TEU, Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 13-063.

  232. 232.

    M. Keading & E.W. Versluis in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, Chapter 4, e.g. at 74.

  233. 233.

    Study on the Evaluation of BEREC and the BEREC Office, carried out for the European Commission by PricewaterhouseCoopers, 2012, at 7.

  234. 234.

    Case C-518/07, Commission v Germany, EU:C:2010:125, at 19.

  235. 235.

    Case C-614/10, Commission v Austria, EU:C:2012:631, at 62–64.

  236. 236.

    Article 68 (5) GDPR.

  237. 237.

    Article 60 of Commission Proposal for a GDPR, COM (2012), 11 final.

  238. 238.

    E.g., European Data Protection Supervisor, Opinion of 7 March 2012 on the data protection reform package; Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals – WP 191 (23.03.2012).

  239. 239.

    European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)). Council general approach (Council document 9565/15 of 11 June 2015).

  240. 240.

    See Sect. 8.2 above.

  241. 241.

    As in Article 64 (7) GDPR.

  242. 242.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure, Article VI-39.

  243. 243.

    See Sect. 8.4 above.

  244. 244.

    As in Article 65 GDPR.

  245. 245.

    Article 68 (3) GDPR.

  246. 246.

    Cases C-518/07, Commission v Germany, EU:C:2010:125, C-614/10, Commission v Austria, EU:C:2012:631, and C-288/12, Commission v Hungary, EU:C:2014:237.

  247. 247.

    As explained in Chap. 4 of this book.

  248. 248.

    See Chap. 7, Sect. 7.8.

  249. 249.

    M. Shapiro in Paul Craig and Grainne de Búrca (eds), The evolution of EU Law (Second Edition), Oxford University Press, 2011, at 111.

  250. 250.

    E. Vos in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, at 29–30.

  251. 251.

    Further read: A. Ottow in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, Chapter 6.

  252. 252.

    This is a simplified description of Article 17 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, OJ L 331/12.

  253. 253.

    Article 19 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, OJ L 331/12.

  254. 254.

    Set up under Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC, OJ L 331/84.

  255. 255.

    Article 36a of Regulation (EU) No 513/2011 of the European Parliament and of the Council of 11 May 2011 amending Regulation (EC) No 1060/2009 on credit rating agencies.

  256. 256.

    Article 58a (7) of European Parliament legislative resolution of 12 March 2014 on the proposal for a GDPR (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)).

  257. 257.

    Article 58a (7) of Council general approach (Council document 9565/15 of 11 June 2015).

  258. 258.

    Article 65(5) and (6) GDPR.

  259. 259.

    Case 25/62, Plaumann v Commission, EU:C:1963:17.

  260. 260.

    Further read: Paul Craig and Grainne de Búrca, EU Law, Text, Cases and Material (Fifth Edition), Oxford University Press, 2011, at 491–510.

  261. 261.

    Article 68(4) GDPR.

  262. 262.

    Case C-518/07, Commission v Germany, EU:C:2010:125, at 19.

  263. 263.

    Case C-614/10, Commission v Austria, EU:C:2012:631, at 62–64. See Chap. 7, Sect. 7.9.

  264. 264.

    Further read: Ellen Vos in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, at 42.

  265. 265.

    Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents, OJ 2001 L 145/43.

  266. 266.

    Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8/1.

  267. 267.

    The Legal Service of Council gives arguments why review by the CJEU complies with Article 47 Charter. Council document re Interinstitutional file 2012/0011 (COD), e.g., 18031/13 (19 Dec 2013, full version on lobbyplag.eu), at 43.

  268. 268.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure, Article VI-39.

  269. 269.

    In Chap. 6, Sect. 6.3.

  270. 270.

    Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A comprehensive approach on personal data protection in the European Union, COM (2010), 609 final.

  271. 271.

    Cases C-518/07, Commission v Germany, EU:C:2010:125, C-614/10, Commission v Austria, EU:C:2012:631, and C-288/12, Commission v Hungary, EU:C:2014:237.

  272. 272.

    As required under current EU law for providers of publicly available electronic communications services under Article 3 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201/37, as amended by Directive 2009/136, OJ L 337/11.

  273. 273.

    See, in relation to agencies: F. Jacobs, in: Everson, Michelle, Cosimo Monda, and Ellen Vos (eds), 2014, EU Agencies in between Institutions and Member States, Kluwer Law International 2014, Ch9.

  274. 274.

    Case C-518/07, Commission v Germany, EU:C:2010:125, at 41–46, see Chap. 7, Sect. 7.9, of this book.

  275. 275.

    As explained in Chap. 7.

  276. 276.

    ECtHR, De Geouffre de la Pradelle v France, Application No. 12964/87, ruling of 16.12.1992, point 35.

  277. 277.

    The contribution of the Council contains complicated procedures that are not necessarily coherent and clear. See, e.g., Article 54a of Council general approach (Council document 9565/15 of 11 June 2015).

  278. 278.

    In particular in the Council, see Chap. 7, Sect. 7.12.

  279. 279.

    Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, OJ L 351/1 (“Brussels I Regulation”).

  280. 280.

    Case C-93/12, Agrokonsulting-04, EU:C:2013:432, at 52 and 61.

  281. 281.

    For the first time in Case 294/83, Les Verts v European Parliament, EU:C:1986:166, at 23. See Chap. 2, Sect. 2.5.

  282. 282.

    Wording on closeness to the citizen is taken from Article 1 TEU.

  283. 283.

    See, mostly, Chap. 4.

  284. 284.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules/Book I – General Provisions, online version 2014; Book V – Mutual Assistance; Book VI- Administrative Information Management.

  285. 285.

    Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules/Book I – General Provisions, online version 2014; Book V – Mutual Assistance; Book VI- Administrative Information Management.

References

  • Alonso Blas, Diana. 2010. Ensuring effective data protection in the field of police and judicial activities: Some considerations to achieve security, justice and freedom. ERA Forum 11: 233–250.

    Article  Google Scholar 

  • Balboni, Paolo, Enrico Pelino, and Lucio Scudiero. 2014. Rethinking the one-stop-shop mechanism: Legal certainty and legitimate expectation. Computer Law & Security Review 30: 392–402.

    Article  Google Scholar 

  • Barnard-Wills, David, and David Wright. 2014. Deliverable 1 – “Co-ordination and co-operation between Data Protection Authorities”. Available on: www.phaedra-project.eu.

  • Bignami, Francesca E. 2005. Transgovernmental networks vs. democracy: The case of the European information privacy network. Michigan Journal of International Law 26: 807–868.

    Google Scholar 

  • Boehm, Franziska. 2012. Information sharing and data protection in the area of freedom, security and justice, towards harmonised data protection principles for information exchange at EU-level. Springer.

    Google Scholar 

  • Chiti, E. 2009. An important part of the EU’s institutional machinery: Features, problems and perspectives of European agencies. Common Market Law Review 46: 1395–1442.

    Google Scholar 

  • Craig, Paul, and Grainne de Búrca (eds.). 2011. The evolution of EU law, 2nd ed. Oxford University Press.

    Google Scholar 

  • Curtin, Deirdre. 2014. Challenging executive dominance in European democracy. In The European crisis and the transformation of transnational governance: Authoritarian managerialism versus democratic governance, ed. C. Joerges and C. Glinski, 203–226. Hart Publishing.

    Google Scholar 

  • Dartiguepeyrou, Carine (ed.). n.d. The futures of privacy. Cahier de prospective, Futur Numérique. Available on: http://cvpip.wp.mines-telecom.fr/files/2014/02/14-02-The-futur-of-privacy-cahier-de-prospective.pdf.

  • Everson, Michelle, Cosimo Monda, and Ellen Vos (eds.). 2014. EU agencies in between institutions and member states. Kluwer Law International.

    Google Scholar 

  • Galetta, Antonella, and Paul De Hert. 2015. The proceduralisation of data protection remedies under EU data protection law: Towards a more effective and data subject-oriented remedial system? Review of European Administrative Law (REALaw) 1: 123–149.

    Google Scholar 

  • Galetta, D.-U., H.C.H. Hofmann, and J.-P. Schneider. 2014. Information, exchange in the European administrative union: An introduction. European Public Law 20(1): 65–69.

    Google Scholar 

  • Goodman, J.W. 2006. Telecommunications policy-making in the European Union. Edward Elgar Publishing.

    Book  Google Scholar 

  • Hofmann, Herwig C.H., and Morgane Tidghi. 2014. Rights and remedies in implementation of EU policies by multi-jurisdictional networks. European Public Law 20(1): 147–164.

    Google Scholar 

  • Jóri, András. 2015. Shaping vs applying data protection law: Two core functions of data protection authorities. International Data Privacy Law 5(2): 133–143.

    Article  Google Scholar 

  • Kloza, Dariusz, and Anna Moscibroda. 2014. Making the case for enhanced enforcement cooperation between data protection authorities: Insights from competition law. International Data Privacy Law 4(2): 120–138.

    Article  Google Scholar 

  • Lavrijssen, Saskia, and Annetje Ottow. 2012. Independent supervisory authorities: A fragile concept. Legal Issues of Economic Integration 39(4): 419–446.

    Google Scholar 

  • Lenaerts, Koen, and Piet van Nuffel. 2011. European Union law, 3rd ed. Sweet & Maxwell.

    Google Scholar 

  • Lind, Anna-Sara, and Jane Reichel. 2014. Administrating data protection – or the Fort Knox of the European composite administration. Critical Quarterly for Administration and Law (EuCritQ) 1: 44–57.

    Google Scholar 

  • Lottini, Micaela. 2014. An instrument of intensified informal mutual assistance: The Internal Market Information System (IMI) and the protection of personal data. European Public Law 20(1): 107–126.

    Article  Google Scholar 

  • Maastricht Journal of European and Comparative Law. Special issue: The Constitutional Adulthood of Multi-Level Governance. 2014, Vol. 21, No. 2.

    Google Scholar 

  • Mitsilegas, Valsamis. 2006. The constitutional implications of mutual recognition in criminal matters in the EU. Common Market Law Review 43: 1277–1311.

    Google Scholar 

  • Ottow, A. 2015. Market & competition authorities, good agency principles. Oxford University Press.

    Google Scholar 

  • Peers, Steve, Tamara Hervey, Jeff Kenner, and Angela Ward (eds.). 2014. The EU charter of fundamental rights, a commentary. Hart Publishing.

    Google Scholar 

  • Research Network on EU Administrative Law. 2014. ReNEUAL model rules on EU administrative procedure: introduction to the ReNEUAL model rules/book I – general provisions, on line version; book V – mutual assistance; book VI – Administrative Information Management.

    Google Scholar 

  • Thatcher, Mark. 2011. The creation of European regulatory agencies and its limits: A comparative analysis of European delegation. Journal of European Public Policy 18(6): 790–809.

    Article  Google Scholar 

  • Vandenbruwaene, W. 2014. Multi-level governance through a constitutional prism. Maastricht Journal of European and Comparative Law 21(2): 229–242.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Brussels, Belgium

    Hielke Hijmans

Authors
  1. Hielke Hijmans
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Hijmans, H. (2016). Understanding the Role of Cooperation Mechanisms of DPAs: Towards a Layered Model of Horizontal Cooperation Between DPAs, a Structured Network of DPAs and a European DPA. In: The European Union as Guardian of Internet Privacy. Law, Governance and Technology Series(), vol 31. Springer, Cham. https://doi.org/10.1007/978-3-319-34090-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-34090-6_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-34089-0

  • Online ISBN: 978-3-319-34090-6

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation