Exploring the GDPR’s ‘One-Stop-Shop’ Mechanism – What the Opinion of the CJEU’s Advocate General tells us

On 12 January, Advocate General Michal Bobek delivered his Opinion on a regulatory competence tussle related to the respective roles of a ‘lead supervisory authority’ (“LSA”) under the GDPR and a local supervisory authority1. His Opinion upholds the general application of the GDPR ‘one-stop-shop’ mechanism and emphasises that the LSA has a primary role in regulating cross border processing of personal data.  However, he also indicates that the LSA cannot be deemed the sole enforcer of the GDPR in every instance involving cross-border data processing and envisages a limited role for local authorities.  In this briefing, we review the most striking points of the Advocate General’s Opinion.

Filter by: