The annual report for the Danish data protection authority for 2015, published in 2016, includes a section on the international cooperation activities of the Danish DPA over the year, including activities related to the joint supervisory boards of Europol, Schengen visa system, EURODAC.
The annual report for 2015 from the DPC features several elements related to international cooperation between EU (and other) data protection authorities. It presents the perspective of the authority on the GDPR reforms, the CJEU ruling on the the case of Maximilian Schrems versus the Irish Data Protection Commissioner; the resulting collapse of the Safe Harbour agreement, and the start of the Privacy Shield negotiations. On the GDPR, the report’s introduction states:
“Importantly, as it is a harmonised law with direct effect in each EU member state, it will require Europe’s independent data protection authorities to cooperate and work with each other in new ways in order to ensure its effective and consistent implementation to the benefit of data subjects and organisations alike.”
On the CJEU decisions. The report states:
“The CJEU ruling was of major significance on a number of levels as it set out a new test based on German constitutional law in relation to the essence of the fundamental right; it reiterated its test for proportionality and necessity from the Digital Rights Ireland case on the Data Retention Directive; it clarified the role of data protection authorities in examining complaints even where the matter complained of is a binding EU instrument, and, of course, it struck down the Safe Harbour agreement itself. The issue of EU–US transfers and, indeed, transfers of personal data from the EU to other global jurisdictions has occupied the Article 29 Working Party in particular since that ruling last October. The working party called for political intervention to create the necessary political and legal solutions to allow personal-data free-flows to continue in a way that also safeguarded the fundamental rights of European individuals. As of today, it remains to be seen whether the proposed Privacy Shield for EU–US transfers will represent the start of a solution.”
On June 21st, 2016, the Spanish DPA presented the Annual Memory of 2015. The Memory explains exhaustively the activity and functioning of the various areas of the institution, it summarizes the most important trends, decisions and procedures of the year and analyses present and future challenges in the field of data protection. More importantly, it gives an overview of the cooperation in which the Agency has engulfed during the year 2015. The AEPD has, inter alia, signed a new collaboration agreement, participated to events and seminars, intervened in EU Working Parties or sent experts for evaluation missions. Moreover, its international cooperation does not preclude the Agency from cooperating with other regional Spanish DPAS (Catalan Authority of Data Protection, Basque Agency of Data Protection).
The Office of the Data Protection Commissioner issued a press release announcing that:
“We continue to thoroughly and diligently investigate Mr Schrems’ complaint to ensure the adequate protection of personal data. We yesterday informed Mr Schrems and Facebook of our intention to seek declaratory relief in the Irish High Court and a referral to the CJEU to determine the legal status of data transfers under Standard Contractual Clauses. We will update all relevant parties as our investigation continues.”