Advocate General opines on relationship between judicial decisions and national data protection authority decisions regarding infringement of GDPR

BE wanted to obtain a copy of a sound recording made of a general meeting of shareholders that he had attended as a shareholder of the company in question, and in which he had participated.

The company, as the data controller, provided BE with extracts of the recording only.

BE asked the Hungarian data protection authority for a declaration that the company had acted unlawfully. The Hungarian data protection authority refused BE’s request. Accordingly, BE issued court proceedings in Hungary against the Hungarian data protection authority. At the same time, BE issued court proceedings against the company as the data controller.

In the proceedings relating to the data protection authority, the Hungarian court has requested guidance from the CJEU on the relationship between remedies provided by a national data protection authority and those provided by a court and, more specifically, on how to prevent contradictory decisions in relation to an alleged breach of the GDPR being delivered within a Member State.

The Advocate General (AG) opined that Article 78(1) of the GDPR, read with Article 47 of the Charter of Fundamental Rights of the EU, must be interpreted as meaning that, where a data subject exercises the remedies provided for in Article 77(1) (the right to lodge a complaint of potential breach of the GDPR with a national data protection authority) and Article 79(1) (the right to an effective judicial remedy for a potential breach of the GDPR), the court required to hear and determine an action against the decision of a national data protection authority is not bound by a judicial decision made in a court seised on the basis of Article 79(1) as to whether there has been an infringement of the GDPR.

In the AG’s opinion, Articles 77(1) and 79(1) must be interpreted as meaning that the remedies which they provide may be exercised in parallel, neither remedy having priority over the other.

Further, the AG said, in the absence of EU rules applicable to the relationship between the remedies in Articles 77 to 79 of the GDPR, it is for Member States to put in place mechanisms governing the relationship between those remedies to ensure that contradictory decisions on the same processing of personal data do not occur within a Member State. (Case C-132/21 BE v Nemzeti Adatvédelmi és Információszabadság Hatóság (Opinion of Advocate General) EU:C:2022:661).
