Article 59 GDPR: Difference between revisions
No edit summary |
|||
Line 195: | Line 195: | ||
=== Transparency === | === Transparency === | ||
The main goal of the activity reports regulated by Article 59 consists of informing national and EU authorities as well as the larger public about the activities the data protection authority has performed over the previous year. Scholars highlights that these materials also contribute in developing a common opinion among different DPAs over new or contentious data protection issues.<ref>''Boehm,'' in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, | The main goal of the activity reports regulated by Article 59 GDPR consists of informing national and EU authorities as well as the larger public about the activities the data protection authority has performed over the previous year. Scholars highlights that these materials also contribute in developing a common opinion among different DPAs over new or contentious data protection issues.<ref>''Boehm,'' in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020).</ref> | ||
=== Content === | === Content === | ||
In the black-letter of the law, the report "''may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2)''". This wording does not seem to impose the authority a tight constraint in terms of contents. The report ''may'' include that information but if it does not, it is unlikely to be invalid. However, the report cannot end up resulting in a sterile formalistic exercise, carrying no substantive information. This would conflict with the accountability and transparency purpose enshrined by the provision itself and should therefore be avoided. <ref> | In the black-letter of the law, the report "''may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2)''". This wording does not seem to impose the authority a tight constraint in terms of contents. The report ''may'' include that information but if it does not, it is unlikely to be invalid. However, the report cannot end up resulting in a sterile formalistic exercise, carrying no substantive information. This would conflict with the accountability and transparency purpose enshrined by the provision itself and should therefore be avoided. <ref>Seems to be the position of ''Boehm,'' in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020).</ref> | ||
== Decisions == | == Decisions == |
Revision as of 12:28, 24 August 2021
Legal Text
Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2). Those reports shall be transmitted to the national parliament, the government and other authorities as designated by Member State law. They shall be made available to the public, to the Commission and to the Board.
Relevant Recitals
No recitals seem to be available for this provision.
Commentary
Transparency
The main goal of the activity reports regulated by Article 59 GDPR consists of informing national and EU authorities as well as the larger public about the activities the data protection authority has performed over the previous year. Scholars highlights that these materials also contribute in developing a common opinion among different DPAs over new or contentious data protection issues.[1]
Content
In the black-letter of the law, the report "may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2)". This wording does not seem to impose the authority a tight constraint in terms of contents. The report may include that information but if it does not, it is unlikely to be invalid. However, the report cannot end up resulting in a sterile formalistic exercise, carrying no substantive information. This would conflict with the accountability and transparency purpose enshrined by the provision itself and should therefore be avoided. [2]
Decisions
→ You can find all related decisions in Category:Article 59 GDPR