1
Statement 6/2024 on the Second Report on the Application
of the General Data Protection Regulation – Fostering Cross-
Regulatory Consistency and Cooperation
Adopted on 3 December 2024
Executive summary
The European Data Protection Board welcomes the reports from the European Commission
and the Fundamental Rights Agency and takes this opportunity to confirm several ongoing
initiatives which would help address some recommendations on cooperation under the
GDPR, the future Regulation laying down procedural rules relating to the enforcement of the
GDPR as well as u nder other relevant legislation . In this context, the EDPB underlines the
importance of legal certainty and coherency of digital legislation with the GDPR. In the
meantime, the EDPB also wishes to step up its efforts to produce content that is accessible to
non-experts, SMEs and other relevant groups. The DPAs and EDPB’s ability to face those
challenges will depend on the attribution of necessary additional financia l and human
resources.
THE EUROPEAN DATA PROTECTION BOARD HAS ADOPTED THE FOLLOWING STATEMENT
The European Data Protection Board (EDPB) welcomes the European Commission’s second
report on the application of the General Data Protection Regulation (GDPR) (COM (2024) 357
final, “the Report”) addressed to the European Parliament and to the Council. The EDPB is
also pleased to concur with the Commission’s finding that, despite all of the challenges, the
application of the GDPR has helped individuals to gain more control over their data, created
a level playing field for businesses, provided a cornerst one for the EU’s digital transition and
contributed to the emergence of high international standards in data protection.
The EDPB particularly thanks the Commission for acknowledging its continuous work to
ensure the consistent interpretation and effective application of the GDPR.
2
The EDPB takes this as an opportunity to confirm several of its ongoing initiatives and
commitments which will help to address some of the Commission’s calls for action, and to
share its observations on the question of the interplay between the GDPR and new EU digital
legislation in particular. The EDPB recognises the importance of the Commission’s reporting
work on the application of the GDPR, and would support a holistic method ological approach
for the next evaluation of the GDPR that explores the interplay between the GDPR and other
EU digital legislation.
The EDPB would like to re -emphasise its commitment to fostering cross-regulatory
consistency and securing cooperation with other regulatory authorities, which is an integral
part of the EDPB Strategy 2024–2027, particularly in Pillar 3.
In that regard, the EDPB has identified the need to clarify the substantive and regulatory
enforcement interplay between the application of the GDPR and other EU digital legislation,
particularly the EU Artificial Intelligence Act or those derived from the EU Data Strategy and
the Digital Services Package.
The EDPB has already begun to work on this issue within the scope of its competences,
including preparation of guidelines on the interplay between the GDPR and some of these
new EU digital legislation (EDPB Strategy 2024 –2027, pillar 3, key action 1). Where
appropriate, the EDPB may decide to develop guidance together with the Commission (or
other competent authorities), as is the case for the joint guidance on the interplay between
the Digital Markets Act (DMA) and the GDPR.
The EDPB welcomes the Commission’s invitation to establish cooperation with other sectoral
regulators established under the new EU digital legislation. To that end, the EDPB will among
others continue to actively participate in EU-level structures designed to facilitate this cross-
regulatory cooperation, such as the DMA High Level Group and the European Data Innovation
Board.
In addition, as part of the implementation of Pillar 3 of its Strategy, the EDPB has decided to
establish a subgroup on cross-regulatory interplay and cooperation.
The EDPB also considers it crucial to establish enforcement cooperation mechanisms between
regulators which should be subject of the future evaluation of the GDPR and the digital
legislation as well.
The EDPB acknowledges the Commission’s observation on the increased use of the
cooperation and consistency mechanisms. It notes that the number of cross border cases
continues to grow, with exchanges of information taking place at an early stage in this
process. One of the EDPB’s key strategic objectives is to actively support the development of
cooperation and enforcement tools, as well as the sharing of expertise and methodologies,
between all of its members. Among other ways, it does this through initiat ives such as the
Support Pool of Experts, the Coordinated Enforcement Framework and the EDPB secondment
programme (EDPB Strategy 2024–2027, Pillar 2, Key Action 1). Moreover, the EDPB has made
it a priority to support the practical implementation of the EU Regulation laying down
3
additional procedural rules relating to the enforcement of the GDPR, including by the Data
Protection Authorities at national level (EDPB Strategy 2024–2027, Pillar 2, Key Action 3), once
it has been adopted.
The EDPB also welcomes the Commission's announcement of its intention to contribute to
the facilitation of international enforcement cooperation between supervisory authorities .
This includes through seeking approval for the negotiation of cooperation and mutual
assistance agreements with third countries, which complements the existing work of the
EDPB and its members.
The EDPB’s core task is to ensure the consistent application of the GDPR and one of the
available means for doing so is to provide guidelines. The objective of providing concise and
practical guidelines, as noted in the report, is reflected in the EDPB’s 2 024–2027 Strategy,
which include a commitment to develop tools for a wider audience, and to produce content
that is accessible to non-experts, SMEs and other relevant groups such as children. The EDPB
will also strive to improve its internal processes and procedures for the drafting of new
guidance. The EDPB reaffirms the high value that it places on both the transparency of its
decision-making and the input provided by external stakeholders.
The EDPB underlines that, in order to maintain a high level of protection of personal data and
to properly deal with increasingly complex challenges and additional competences, there is a
genuine need for the DPAs and EDPB to have additional financial and human resources, as
also highlighted by the Fundamental Right Agency (FRA) Report 1. The EDPB notes that the
need for such increased resources can be further demonstrated through a comprehensive
analysis of resources available to supervisory authorities in light of both their additional
competences under new digital legislation and inflation.
Finally, the EDPB would like to seize the opportunity to call on the Commission to further
assess the deficiencies described in the FRA report relating to the guarantees of
independence affecting supervisory authorities in some Member States.
For the European Data Protection Board
The Chair
Anu Talus
1 https://fra.europa.eu/en/publication/2024/gdpr-experiences-data-protection-authorities
