EU GDPR – Article 73 (Chair)

Abstract

The General Data Protection Regulation (GDPR) created a unified legal structure to protect personal data across the European Union. Within this framework, the European Data Protection Board (EDPB) plays a central role in ensuring that privacy rules are applied consistently in every member state. The Board is responsible for providing guidance, promoting cooperation among national supervisory authorities, and resolving disputes related to data protection.

To maintain strong leadership and organized decision-making, the regulation defines how the leadership of the Board is selected. EU GDPR Article 73 explains the process for electing the chair and deputy chairs of the Board. These leadership positions are filled through a majority vote by Board members, and each position carries a five-year term that may be renewed once. This structure ensures stability, continuity, and effective governance within the EDPB.

Explanation

The leadership of the European Data Protection Board is important because the Board coordinates the work of many supervisory authorities across the European Union. Since each country has its own data protection authority, the Board needs strong leadership to maintain alignment and ensure that GDPR rules are interpreted in a consistent way.

EU GDPR Article 73 establishes that the Board elects one chair and two deputy chairs from among its members. These leaders are chosen through a majority vote, meaning more than half of the Board members must support the candidate. This democratic process ensures that leadership reflects the collective agreement of the supervisory authorities that make up the Board.

The term of office is five years, which provides enough time for leaders to guide long-term initiatives, policy development, and cooperation between member states. However, to balance continuity with fresh leadership opportunities, the regulation allows only one renewal of the term. This means a chair or deputy chair can serve a maximum of ten years if re-elected.

The chair leads the Board’s activities, organizes meetings, represents the Board externally, and helps coordinate discussions among supervisory authorities. The deputy chairs assist the chair and can step in when the chair is unavailable. Together, they ensure that the Board’s work runs smoothly and efficiently.

This leadership system helps maintain stability in the governance of EU data protection while also supporting transparency and democratic decision-making.

Key Points

1. EU GDPR Article 73 defines the leadership structure of the EDPB.
2. The Board elects one chair and two deputy chairs.
3. Leadership is chosen through a majority vote of Board members.
4. The length of the term is five years.
5. The term can be renewed once, allowing a maximum of two terms.
6. The chair manages meetings and represents the Board in official matters.
7. Deputy chairs support the chair and may act in their place when needed.
8. The system promotes democratic governance and stability within the Board.

General Activation Steps

1. Identification of Candidates: Members of the European Data Protection Board nominate potential candidates from among the representatives of national supervisory authorities.
2. Presentation of Candidates: Each candidate may present their vision, leadership approach, and plans for supporting cooperation among data protection authorities.
3. Voting by Board Members: All members of the Board participate in the voting process to select the chair and deputy chairs.
4. Majority Decision: A candidate must receive a majority of votes to be elected to the leadership position.
5. Announcement of Results: Once the voting process is completed, the elected chair and deputy chairs are officially announced.
6. Beginning of the Five-Year Term: The elected leaders begin their responsibilities and guide the Board’s work for the next five years.
7. Possible Renewal of the Term: At the end of the term, the same leaders may run again for one additional term if they wish and if the Board supports them.

Use Cases

1. Leadership Coordination Across Member States: The chair of the European Data Protection Board coordinates discussions among national data protection authorities. This is especially useful when multiple countries are involved in the same data protection case. Leadership ensures that decisions are aligned and that interpretations of GDPR remain consistent.
2. Representation of the Board in International Discussions: The chair often represents the Board in meetings with EU institutions, regulators, and international organizations. Through this role, the leadership helps promote European data protection standards worldwide and explains how the GDPR should be applied.
3. Management of Cross-Border Data Disputes: Many companies operate in several EU countries at the same time. When disputes arise about data processing activities, the Board may need to intervene. The chair and deputy chairs help guide discussions and facilitate agreement among authorities.
4. Development of Data Protection Guidelines: The Board regularly publishes recommendations and guidelines explaining how organizations should interpret certain GDPR requirements. Leadership ensures that the drafting process moves forward efficiently and that all authorities contribute their expertise.
5. Ensuring Consistent Enforcement: The leadership structure defined in EU GDPR Article 73 supports consistent enforcement of data protection rules. The chair coordinates the Board’s work so that organizations across Europe follow similar privacy standards.

Dependencies

1. EU Data Protection Authorities: The effectiveness of the chair and deputy chairs depends heavily on cooperation with national supervisory authorities. Each authority represents a member state and contributes to the Board’s decisions.
2. Legal Framework of the GDPR: The leadership role exists within the broader structure of the GDPR. Other articles define the responsibilities, powers, and cooperation mechanisms that guide the Board’s work.
3. Institutional Support from the European Union: The Board works closely with EU institutions such as the European Commission. These institutions support the implementation and enforcement of privacy regulations across Europe.
4. Administrative and Secretariat Support: The Board receives operational assistance from a secretariat that organizes meetings, manages documents, and supports communication among members. This support enables the chair to focus on strategic leadership.
5. Cooperation Mechanisms Among Authorities: The leadership must coordinate with mechanisms that allow authorities to share information, discuss cross-border cases, and reach joint decisions.

Tools and Technologies

1. Secure Communication Platforms: The European Data Protection Board uses secure digital communication tools that allow supervisory authorities to exchange information safely and confidentially.
2. Data Governance and Documentation Systems: Document management systems help organize guidelines, legal opinions, and case decisions. These systems support transparency and ensure that information is accessible to Board members.
3. Collaboration and Meeting Platforms: Virtual meeting tools allow members from different countries to participate in discussions without always needing physical meetings. This improves efficiency and speeds up decision-making.
4. Legal Research Databases: Leaders rely on legal research platforms to analyze case law, regulatory updates, and policy developments related to data protection.
5. Policy Development Tools: Structured drafting tools and policy management systems help the Board create and publish guidelines that organizations across Europe can follow.

Let’s Wrap

EU GDPR Article 73 plays an important role in shaping the leadership structure of the European Data Protection Board. By defining how the chair and deputy chairs are elected and by setting a five-year renewable term, the regulation ensures stability, accountability, and democratic governance.

Strong leadership within the Board helps coordinate national supervisory authorities, guide policy discussions, and ensure that data protection laws are applied consistently throughout the European Union. The chair and deputy chairs act as central figures in maintaining cooperation, resolving complex issues, and representing the Board at both European and international levels.

In a regulatory environment where technology and data processing practices constantly evolve, effective leadership is essential. The structure defined by this article helps the Board remain organized, transparent, and capable of guiding Europe’s data protection framework into the future.

---

For further reading:

• EU GDPR – Article 72 (Procedure)
• EU GDPR – Article 71 (Reports)
• EU GDPR – Article 70 (Tasks of the Board)
• EU GDPR – Article 69 (Independence)
• EU GDPR – Article 68 (European Data Protection Board)
• EU GDPR – Article 67 (Exchange of Information)
• EU GDPR – Article 66 (Urgency Procedure)
• EU GDPR – Article 65 (Dispute resolution by the Board)
• EU GDPR – Article 64 (Opinion of the Board)
• EU GDPR – Article 63 (Consistency Mechanism)
• EU GDPR – Article 62 (Joint Operations of Supervisory Authorities)
• EU GDPR – Article 61(Mutual assistance)
• EU GDPR – Article 60 (Cooperation Between Supervisory Authorities)
• EU GDPR – Article 59 (Activity Reports)
• EU GDPR – Article 58 (Powers of Supervisory Authorities)
• EU GDPR – Article 57 (Tasks of the Supervisory Authority)
• EU GDPR – Article 56 (Competence of the Lead Supervisory Authority)