Plain Spoken GDPR – Chapter 6

Anonymous To Sir With Love
Anonymous To Sir With Love

Chapter 6 – Independent Supervisory Authorities

The title really takes all the fun out of a description. Articles 51 through 59 are going to describe in-depth what the guys who are going to be fining people are and rules for their existence.

Section 1 – Independent Status

Article 51 – Supervisory Authority

4 paragraphs. Yeah so every member state needs to have a supervisory authority and they will absolutely cooperate with each other and to carry on a theme with the mysterious Commission. LINK TO CHAPTER 5 Sounds like a mob thing.

Article 52 – Independence

6 paragraphs. This is more fun, it talks more about how this body is going to be independent of anything. The people who make up the body will be free from “influence”. I like this particularly because it’s a mis-use of the word influence. Everything, everywhere at every time has an influence. Now I know what they are getting at, and perhaps my lack of being a lawyer means I’m missing a key legal definition of influence, but you’d think they could at least get English right writing these regulations.

Article 53 – General Conditions for the Members of the Supervisory Authority

4 paragraphs. They actually had to write down specifically that the guy (or lady) they get for the position has to be qualified. A lot of trust Europe has for its members. I guess regulations are not about trust and it’s not like this kind of stuff hasn’t gone on before. We’re looking at you Berlusconi.

Article 54 – Rules on the Establishment of the Supervisory Authority

2 paragraphs. Ah, I spy a loop hole here. Yes a person must be competent, however the qualifications necessary are set by the government. Whoop whoop. Although saying that we’ve got Elizabeth Denham which appears highly qualified for the position. The only thing I could say against here is that she doesn’t look like she says ‘sorry’ as often as the typical Canadian.

Section 2 – Competence, Tasks and Powers

Article 55 – Competence

3 paragraphs. Oooh we have a limit of power here. Essentially the first two paragraphs say the supervisory authority need to be competent, but the third says they will not be able to oversee the processing done by courts acting in a judicial capacity. Can’t be more powerful than the law.

Article 56 – Competence of the Lead Supervisory Authority

6 paragraphs. The word derogation makes me giggle. Essentially this is a throw away article for those member states that want to get more than one body on the job when it comes to data protection. Mostly that the lead body is in charge and the little bodies need to worship them or some such phrasing. But I’ve also found a new word: interlocutor. Being a lawyer can be fun!

Article 57 – Tasks

4 paragraphs. So this is what a supervisory body has to do and I’m starting to see a discrepancy here. In the description of what a controller and a processor needed to be responsible for and how long they had to respond etc. they were given fairly strict time tables. As for the supervisory authority they just need to get it done in a reasonable period when they are investigating things.

I love the line that states they need to give an opinion in relation to drawing up codes of conduct. Not so much about the code of conduct itself, but to date ICO opinion is neither here nor there. They are masters of the vague reply.

Article 58 – Powers

6 paragraphs. As much as I wanted it to be ‘Super’ powers, this is less so, however there are some cool bits in here. They can obtain access to any premises of a controller or processor connected with duties the supervisory authority needs to carry out. Now I’m picturing ICO Swat teams and Elizabeth Denham’s position has taken a very hard line in the past…

Now I really thought we’d see the infamous €20m line here. Looks like that will be later. But the power to tell you off, or fine you is listed as would be expected.

But they list here that safeguards need to be in place to check these powers. Which is very sensible in my opinion. Wouldn’t want a data privacy coup happening, would we?

Article 59 – Activity Reports

1 paragraph. Every year the supervisory authority needs to write up a report on its activities. They will be open and everyone can see them. It doesn’t specify they have to be true. I think if we got Neil Gaiman involved we could have some nice annual reports.

So quick week. This is more for the government to be dealing with than you or me I’d suspect, unless the government reads my blog. Hello government!

Next week is a bit more of the same, but just wait until you read Chapter 8! (That was my attempt at click bate. It seems to work for Buzzfeed.)

Previous articleApril – We’ve Brought our Umbrella
Next articlePlain Spoken GDPR – Chapter 7
Born into the wilds of mid-western America, Matthew has lived his life creating. The kind of kid that bought a tarp, some PVC pipe and a skate board; fashioned himself a windsurfing set-up and then saw an opportunity in a local tornado. "Sorry Mom." Undergraduate in Art and Design, Doctorate in Scottish History, Matthew came late to the realisation that if he's going to use his diverse skill set he'd have to employ himself.