The EU Council has published a working document dated 2 October 2026 proposing additional procedural rules to strengthen enforcement of the General Data Protection Regulation (GDPR) in cross-border cases. The proposals aim to streamline cooperation and dispute resolution between national data protection authorities (DPAs), focusing on complaint admissibility, early resolution, and enhanced information exchange. The document was prepared under the current Council Presidency and is intended to inform further discussions among member states.
Key proposals to clarify and accelerate procedures
The working document outlines several measures to address bottlenecks in GDPR enforcement. It proposes clearer criteria for determining the admissibility of complaints, aiming to reduce the number of unfounded or duplicate submissions that burden DPAs. A mechanism for early complaint resolution is suggested, allowing DPAs to resolve cases without full formal proceedings where appropriate. Additionally, the document calls for improved information-sharing protocols between lead and concerned supervisory authorities to speed up the cooperation process under the GDPR's one-stop-shop mechanism.
Trade-offs between efficiency and rights protection
The proposals reflect a tension between streamlining enforcement and safeguarding procedural rights. On one hand, faster resolution of cross-border complaints could benefit consumers and businesses by reducing uncertainty and legal costs. On the other hand, critics may argue that expedited procedures could undermine thorough investigation and the right to a fair hearing for data controllers. The document does not specify numerical targets but suggests a more harmonised approach to procedural timelines across member states.
Impact on stakeholders - National data protection authorities: Would face new procedural obligations but could benefit from reduced case backlogs and clearer cooperation rules. - EU businesses (data controllers): May experience more predictable and faster resolution of cross-border complaints, reducing compliance costs and legal risks. - EU citizens (data subjects): Could see quicker remedies for GDPR violations, but potentially at the expense of less rigorous scrutiny in some cases. - EU institutions: The European Commission and European Data Protection Board (EDPB) may need to update guidance and possibly propose legislative amendments to implement the new rules.
Next steps
The working document will be discussed in the Council's relevant preparatory bodies, with member states expected to provide feedback. Any formal legislative proposal would require adoption by the Council and the European Parliament under the ordinary legislative procedure. The EDPB is also likely to issue an opinion on the proposals.
← Atlas › News › Justice & Citizenship