Article 46*

Article 46 – Powers

Commission Proposal

Member States shall provide that each supervisory authority must in particular be endowed with:

(a) investigative powers, such as powers of access to data forming the subject matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties;

(b) effective powers of intervention, such as the delivering of opinions before processing is carried out, and ensuring appropriate publication of such opinions, ordering the restriction, erasure or destruction of data, imposing a temporary or definitive ban on processing, warning or admonishing the controller, or referring the matter to national parliaments or other political institutions ;

(c) the power to engage in legal proceedings where the provisions adopted pursuant to this Directive have been infringed or to bring this infringement to the attention of the judicial authorities.

EDRi’s proposed amendment

1. Member States shall provide that each supervisory authority must in particular be endowed with shall be endowed with the following powers:

(a) investigative powers, such as powers of access to data forming the subject matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties;

(b) effective powers of intervention, such as the delivering of opinions before processing is carried out, and ensuring appropriate publication of such opinions, ordering the restriction, erasure or destruction of data, imposing a temporary or definitive ban on processing, warning or admonishing the controller, or referring the matter to national parliaments or other political institutions ;

(c) the power to engage in legal proceedings where the provisions adopted pursuant to this Directive have been infringed or to bring this infringement to the attention of the judicial authorities.

(a) to notify the controller or the processor of an alleged breach of the provisions governing the processing of personal data, and, where appropriate, order the controller or the processor to remedy that breach, in a specific manner, in order to improve the protection of the data subject;

(b) to order the controller or the processor to comply with the data subject’s requests to exercise the rights provided by this Directive;

(c) to order the controller and the processor, and, where applicable, the representative to provide any information relevant for the performance of its duties;

(d) to ensure the compliance with prior consultations referred to in Article 26;

(e) to warn or admonish the controller or the processor;

(f) to order the rectification, erasure or destruction of all data when they have been processed in breach of the provisions of this Directive and the notification of such actions to third parties to whom the data have been disclosed;

(g) to impose a temporary or definitive ban on processing;

(h) to suspend data flows to a recipient in a third country or to an international organisation;

(i) to issue opinions on any issue related to the protection of personal data;

(j) to inform the national parliament, the government or other political institutions as well as the public on any issue related to the protection of personal data.

1a. Member States shall provide that each supervisory authority shall have the investigative power to obtain from the controller or the processor:

(a) access to all personal data and to all information necessary for the performance of its duties;

(b) access to any of its premises, including to any data processing equipment and means, where there are reasonable grounds for presuming that an activity in violation of this Directive is being carried out there.

The powers referred to in point (b) shall be exercised in conformity with Union law and Member State law.

1b. Member States shall provide that each supervisory authority shall have the power to bring violations of this Regulation to the attention of the judicial authorities and to engage in legal proceedings.

Justification

There is no reason why the competences of DPAs should not be equal to those under the General Data Protection Regulation. Therefore, this amendment transfers the catalogue of powers proposed in the General Data Protection Regulation to the Directive. This has also been recommended by the EDPS in his opinion (pt. 429).

  • eu logo The launch and upkeep (until December 31, 2012) of this website received financial support from the EU's Fundamental Rights and Citizenship Programme.
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: