Finding Further Guidance

• Author: David Zetoony
• Profession: Is a partner in the Boulder, Colorado office of Bryan Cave Leighton Paisner, LLP, an international law firm
• Pages: 149-152

149

fInDInG fURtHeR

GUIDAnce

Q.150 WHAt Is A “sUpeRVIsoRy AUtHoRIty”?

Lawyers and privacy professionals often use the terms supervisory

authority, data protection authority, and data protection agency (“DPA”)

synonymously to refer to the government agency within a European

Union Member State that has authority for enforcing the GDPR and/or

a Member State’s domestic data privacy and security legislation.

There is no direct analog to the concept of a supervisory authority

within the United States as the United States does not have an omnibus

data privacy and security statute or a single federal agency that is respon-

sible for enforcing United States data privacy and security laws. That

said, one could argue that the Federal Trade Commission—which has

jurisdiction over most United States companies and has interpreted the

Federal Trade Commission Act as imposing data privacy and security

obligations upon companies—may be the closest equivalent within the

United States to a supervisory authority.

Q.151 WHAt AGencIes ARe AUtHoRIzeD to

InteRpRet tHe GDpR?

The supervisory authorities are responsible for enforcing the GDPR.

They also provide guidance on the interpretation of that law and cast

their opinions at a European Union level through what is currently the

Article 29 Working Party and will be renamed the European Data Pro-

tection Board. Although their guidance is not legally binding, it is indica-

tive of the enforcement position they are likely to take.