The EU Council has published a working document detailing the European Parliament's position on proposed procedural rules to streamline cross-border enforcement of the General Data Protection Regulation (GDPR). The document, released on 2 October 2026, marks a step in ongoing interinstitutional negotiations aimed at harmonising how national data protection authorities cooperate in cross-border cases under Regulation (EU) 2016/679.
Document context and type
The working document is not a formal legislative proposal but an internal Council paper summarising the EP's stance. It falls under the EU policy area of justice and fundamental rights, specifically data protection. The proposal seeks to establish additional procedural rules for GDPR enforcement, addressing inconsistencies in how national authorities handle complaints involving multiple member states.
Policy orientations and trade-offs
The core objective is to create a more uniform enforcement mechanism, reducing fragmentation that has led to delays and forum shopping. However, the document reveals a cleavage between efficiency and national sovereignty: while harmonised procedures could speed up cross-border cases, they may also limit the discretion of lead supervisory authorities. The EP's position, as outlined, appears to favour stronger central coordination, potentially at the expense of member states' flexibility in applying GDPR locally.
Impact on stakeholders - National data protection authorities: Would face new procedural obligations, potentially reducing their autonomy in handling cross-border complaints. Positive impact: clearer rules could reduce legal uncertainty and administrative burden. Negative impact: loss of discretion may be resisted by some authorities. - EU businesses: Would benefit from more predictable enforcement across member states, lowering compliance costs. However, increased procedural harmonisation could lead to stricter oversight, raising compliance risks for companies handling large-scale cross-border data. - EU consumers and data subjects: Would gain from faster and more consistent resolution of complaints, strengthening their rights under GDPR. Negative impact: if harmonisation reduces local authorities' ability to tailor remedies, some complainants may receive less context-sensitive outcomes. - EU regulatory bodies (e.g., EDPB): Would likely see an enhanced role in coordinating enforcement, potentially increasing their influence. This could improve consistency but also centralise power, raising concerns about accountability.
Expected institutional follow-up
The working document signals that trilogue negotiations between the Council, Parliament, and Commission are underway. The Council is expected to finalise its own position before entering formal negotiations. The outcome will shape the future of GDPR enforcement, with implications for data protection across the EU.
← Atlas › News › Justice & Citizenship