Skip to content

Roles and Powers of National Data Protection Authorities

Moving from Directive 95/46/EC to the GDPR: Stronger and More ‘European’ DPAs as Guardians of Consistency?


Andra Giurgiu, Tine A Larsen

Safeguarding the rights of the citizens to the protection of their personal data in an era of nearly ubiquitous computing has become increasingly challenging. National data protection authorities (DPAs), central actors in the data protection landscape, face a difficult task when fulfilling their missions and acting as guardians of these rights under the provisions of the outdated Directive 95/46/EC. Critical decisions of the Court of Justice of the European Union illustrate the challenge of 'stretching' the provisions regarding the powers and competences of DPAs under the Directive to make them applicable to current data processing realities. The article points out the existing problems under the current framework with regard to powers and competence of DPAs and examines if and to what extent they are mended by the General Data Protection Regulation (GDPR). It analyses substantive and procedural aspects of the new cooperation model under the one-stop-shop and consistency mechanisms and discusses whether and how these new tools successfully contribute to solve existing problems.

Andra Giurgiu is Post-Doctoral Researcher at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg; for correspondence: <>. Tine A Larsen is the President of the National Commission for Data Protection of Luxembourg; for correspondence: <>.


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation