search

… (3) If the first question is answered in the negative, is the principle of accountability under Article 5(2) and Article 24 of (EU) /, read in conjunction with recital 74 thereof, to be interpreted as meaning that, in legal proceedings under Article 82(1) of (EU) /, the controller bears the burden of proving that the technical and organisational measures implemented are appropriate pursuant to Article 32 of that regulation? …

… (4) Is Article 82(3) of (EU) / to be interpreted as meaning that unauthorised disclosure of, or access to, personal data within the meaning of point 12 of Article 4 of (EU) / by means of, as in the present case, a “hacking attack” by persons who are not employees of the controller’s administration and are not subject to its control constitutes an event for which the controller is not in any way responsible and which entitles it to exemption from liability? …

… (2) If the first question is answered in the negative, what should be the subject matter and scope of the judicial review of legality in the examination as to whether the technical and organisational measures implemented by the controller are appropriate pursuant to Article 32 of (EU) /? …

… This reference for a preliminary ruling affords the Court of Justice an opportunity to rule on the conditions under which an administrative fine may be imposed on a legal person for infringement of (EU) /. (2) 2. …

… OPINION OF ADVOCATE GENERAL CAMPOS SÁNCHEZ-BORDONA delivered on 27 April 2023 (1) Case C-807/21 Deutsche Wohnen SE v Staatsanwaltschaft Berlin (Request for a preliminary ruling from the Kammergericht Berlin (Higher Regional Court, Berlin, Germany)) (Reference for a preliminary ruling - Protection of personal data - (EU) / - Infringements - Imputation to an undertaking of an infringement committed by its employees - Possible strict liability - Transposition of concepts developed …

… Administrative fines which may be imposed under / require the conduct constituting the penalised infringement to be intentional or negligent. 1 Original language: Spanish. 2 Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1) (‘the GDPR’). 3 Law …

… (EU) / of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1). 3 On the same day, the Commission made an application for interim relief, namely for the Court to impose on the Republic of Poland, pending the judgment on the substance of the proceedings, a series of obligations …

… subparagraph of Article 19(1) TEU; - by adopting and maintaining in force Article 88a of the amended Law relating to the ordinary courts, Article 45(3) of the amended Law on the Supreme Court and Article 8(2) of the amended Law relating to the administrative courts, the Republic of Poland has infringed the right to respect for private life and the right to protection of personal data, guaranteed by Article 7 and Article 8(1) of the Charter and by Article 6(1)(c) and (e), Article 6(3) and Article 9(1) of …

… (EU) / (4) 3. Paragraph 2 of Article 2 (‘Material scope’) provides: ‘This Regulation does not apply to the processing of personal data: … (d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.’ 2. Directive 2016/680 4. …

… OPINION OF ADVOCATE GENERAL EMILIOU delivered on 20 April 2023(1) Case C-307/22 FT v DW (Request for a preliminary ruling from the Bundesgerichtshof (Federal Court of Justice, Germany)) (Reference for a preliminary ruling - Protection of personal data - (EU) / - Articles 12, 15 and 23 - Right of access by the data subject to personal data undergoing processing - Right to receive a copy of personal data free of charge - Reimbursement of expenses - Patient’s medical records - Doctor …

… Articles 12 and 15 of (EU) / on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (‘the GDPR’) (2) grant data subjects far-reaching rights of access in respect of personal data being processed. Inter alia, those provisions require controllers to provide data subjects, free of charge, with a copy of that data. 2. …

… In conclusion, I propose that the Court answer the questions referred for a preliminary ruling by the Bundesgerichtshof (Federal Court of Justice, Germany) as follows: Article 12(5) and Article 15(3) of (EU) / of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) must be interpreted …

… JUDGMENT OF THE COURT (First Chamber) 30 March 2023 (*) (Reference for a preliminary ruling - Protection of personal data - (EU) / - Article 88(1) and (2) - Processing of data in the employment context - Regional school system - Teaching by videoconference as a result of the COVID-19 pandemic - Implementation without the express consent of the teachers) In Case C-34/21, REQUEST for a preliminary ruling under Article 267 TFEU from the Verwaltungsgericht Wiesbaden (Administrative …

… Nardi, acting as Agents, after hearing the Opinion of the Advocate General at the sitting on 22 September 2022, gives the following Judgment 1 This request for a preliminary ruling concerns the interpretation of Article 88(1) and (2) of (EU) / of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection …

… Article 88(1) and (2) of / must be interpreted as meaning that the application of national provisions adopted to ensure the protection of employees’ rights and freedoms in respect of the processing of their personal data in the employment context must be disregarded where those provisions do not comply with the conditions and limits laid down in Article 88(1) and (2), unless those provisions constitute a legal basis referred to in Article 6(3) of that regulation, which complies …

… The answer to that question affords the Court of Justice a further opportunity to rule on the scope of Directive 2002/58/EC, (2) on the one hand, and the scope of Directive (EU) 2016/680 (3) and (EU) /, (4) on the other. 3. As regards Directive 2002/58, the Court has delivered a consistent line of decisions concerning when and under what conditions Member States may restrict the scope of the rights and obligations established by that directive. (5) I. Legal context A. …

… (EU) / of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in the light of Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, must be interpreted as not precluding the use, in administrative proceedings of a disciplinary nature, of personal data obtained lawfully and directly by public authorities …

… alternative: Article 9(1) of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, read in conjunction with Articles 6 and 10 of …

… It is for the referring court to determine whether the storage of data for the period authorised for the public register satisfies the conditions laid down in point (f) of the first subparagraph of Article 6(1) of /. (3) Article 17(1)(d) of / must be interpreted as meaning that the data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where those data have been unlawfully processed in accordance …

… Article 17(1)(c) of (EU) / must be interpreted as meaning that the data subject has, in principle, the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where he or she objects to the processing pursuant to Article 21(1) of that regulation. …

… OPINION OF ADVOCATE GENERAL PIKAMÄE delivered on 16 March 2023 (1) Joined Cases C-26/22 and C-64/22 UF (C-26/22) AB (C-64/22) v Land Hesse, Joined party: SCHUFA Holding AG (Request for a preliminary ruling from the Verwaltungsgericht Wiesbaden (Administrative Court, Wiesbaden, Germany)) (Reference for a preliminary ruling - Protection of natural persons with regard to the processing of personal data - (EU) / - Point (f) of the first subparagraph of Article 6(1) - Lawfulness of processing …

… Those include, in point 4, the following condition: ‘Enabling of legal interception by competent national authorities in accordance with (EU) / [of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1)] and Directive 2002/58/EC [of the European Parliament and of …

… / must be interpreted as not precluding national legislation on profiling where such profiling is not covered by Article 22(1) of that regulation. …

… /’, adopted on 3 October 2017 by the Article 29 Data Protection Working Party, profiling and automated decision-making can pose significant risks for individuals’ rights and freedoms. …

… OPINION OF ADVOCATE GENERAL PIKAMÄE delivered on 16 March 2023 (1) Case C-634/21 OQ v Land Hesse, Joined party: SCHUFA Holding AG (Request for a preliminary ruling from the Verwaltungsgericht Wiesbaden (Administrative Court, Wiesbaden, Germany)) (Reference for a preliminary ruling - Protection of natural persons with regard to the processing of personal data - (EU) / - Article 6(1) - Lawfulness of processing- Article 22 - Automated individual decision-making - Profiling - Private …