Article 81 GDPR: Difference between revisions

From GDPRhub
(style consistency)
mNo edit summary
 
(20 intermediate revisions by 2 users not shown)
Line 198: Line 198:
== Commentary ==
== Commentary ==


Article 81 GDPR stipulates rules for the coordination of courts of different Member States handling related proceedings in order to avoid contradictory decisions by different courts on the same subject matter.<ref>See Recital 144 GDPR sentence 3.</ref>
Article 81 GDPR regulates the suspension of judicial proceedings in multiple Member States ''in the context of data protection''. The Article addresses issues of coordination where parallel proceedings are brought in the courts of different Member States. The ''lis pendens'' rules under Article 81 GDPR differ slightly from those under the Brussels I Regulation (Recast) (Regulation (EU) No 1215/2012) ('<nowiki/>''Brussels Ia'''). Nonetheless, both serve the purpose of preventing contradictory decisions on the same subject matter. Namely, the difference lies with Article 81(2) GDPR, which allows courts discretion to suspend their proceedings. No such discretion exists under the Brussels Ia.


Article 81(1) GDPR puts the competent court under the obligation to contact courts in other Member States where the same subject matter is pending. Article 81(2) GDPR allows for competent courts other than the court first seized to suspend parallel proceedings. Article 81(3) GDPR stipulates when competent courts other than the court first seized may decline jurisdiction in case of parallel proceedings.
Notably, Article 81's relevance is confined to proceedings related to the private sector. Proceedings against controllers or processors which act as public bodies are confined to the national courts of the Member States where the public body is established.<ref>''Kotschy'', in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 81 GDPR, p. 1154 (Oxford University Press 2020).</ref> However, in Member States that have a separation between administrative and civil courts (e.g. France, Germany, Italy or Austria) both types of court are subject to Article 81 GDPR.


Article 81 GDPR addresses the courts but not the DPAs of the Member States. There are different opinions among legal scholars as to '''which court proceedings''' Article 81 GDPR applies too. Some argue that Article 81 GDPR applies only to proceedings under [[Article 78 GDPR]], because Recital 144 sentence 1 only mentions the situation to where “a court seized of proceedings against a decision by a supervisory authority”, but does not mention proceedings against a controller or processor (which are subject to Article 79 GDPR).<ref>''Feiler, Forgó'', EU-DSGVO, Article 81 GDPR, margin number 1 (Verlag Österreich 2017); also see ''Feldmann'' in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 10 (Bundesanzeiger Verlag 2017).</ref> However, the prevailing opinion among legal scholars is that it Article 81 GDPR applies to proceedings under both [[Article 78 GDPR|Article 78]] and [[Article 79 GDPR|79 GDPR]] since, (i) the wording of Article 81 GDPR is not limited to either proceedings under Article 78 or 79 GDPR, (ii) the purpose of Article 81 GDPR is to avoid contradictory decisions and (iii) Recital 144 GDPR is of no normative nature and hence cannot limit the scope of GDPR provision.<ref>E.g. ''Mundil'' in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 8 (Beck 2021, 36th ed.) (accessed 19 July 2021); ''Boehm'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 18 (Beck 2019) ( accessed 19 July 2021); ''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 1 (Nomos 2018, 2<sup>nd</sup> ed.) (accessed 19 July 2021); ''Nolte'', ''Werkmeister'' in Gola, DS-GVO, Article 81 GDPR, margin number 2 (Beck2018, 2<sup>nd</sup> ed.) (accessed 20 July 2021); ''Jahnel''  in Jahnel, DSGVO, Article 81 GDPR, margin number 2 (Jan Sramek 2021); see also ''Schweiger'' in Knyrim, Der Datkomm, Article 81 GDPR, margin number 7, 8 (rdb.at 2019) (accessed 20 July 2021) also argues that Article 81(3) GDPR who argues that the wording “proceedings pending at first instance” indicates that proceedings under Article 79 GDPR are encompassed, as proceedings under Article 78 GDPR could not be considered “first instance” (as the court is deciding on the decision of a DPA or its inactivity).</ref> As a result, Article 81 GDPR applies to both courts handling proceedings against DPAs under [[Article 78 GDPR|Article 78(1) and (2) GDPR]] and courts handling proceedings against controllers or processors against Article 79(1) GDPR. In Member States that have a separation between administrative and civil courts (e.g. France, Germany, Italy or Austria) this means that both strains of courts are subject to Article 81 GDPR.
=== Scope of Article 81 GDPR ===
There exist differing opinions among legal scholars as to the scope of Article 81 GDPR. In particular, the discussion concerns what type of court proceedings fall under its ambit. Some Commentators have interpreted Recital 144 GDPR to have limited the scope of Article&nbsp;81 GDPR, as applying only to proceedings instigated under [[Article 78 GDPR]]. The first sentence of Recital 144 GDPR refers to '''court[s] seized of proceedings against a decision by a supervisory authority''<nowiki/>', but makes no mention of proceedings against a controller or processor, which are subject to [[Article 79 GDPR]].<ref>''Feiler, Forgó'', EU-DSGVO, Article 81 GDPR, margin number 1 (Verlag Österreich 2017); also see ''Feldmann'' in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 10 (Bundesanzeiger Verlag 2017).</ref> They have interpreted this sentence to have implicitly restricted the applicability of Article 81 GDPR.


=== (1) Communication Regarding Parallel Proceeding ===
This is a reading that we reject. The prevailing opinion, one which we affirm, is that Article 81 GDPR applies to proceedings both under [[Article 78 GDPR|Articles 78]] and [[Article 79 GDPR|79 GDPR]]. This broader reading of Article 81 GDPR is supported by several interpretative grounds. Firstly, the explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the purpose of Article 81 GDPR is to prevent contradictory decisions arising from parallel proceedings. Consequently, it goes against the provision's purpose to take a restrictive reading of its scope. Lastly, Recital 144 GDPR holds no normative authority. Thus, it cannot limit the scope of a GDPR provision where the GDPR itself does not impose any formal restrictions on the Article's applicability.<ref>''Mundil'' in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 8 (C.H. Beck 2021, 36th edition); ''Boehm'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 18 (C.H. Beck 2019); ''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 1 (Nomos 2018, 2<sup>nd</sup> edition); ''Nolte'', ''Werkmeister'' in Gola, DS-GVO, Article 81 GDPR, margin number 2 (C.H. Beck2018, 2<sup>nd</sup> edition); ''Jahnel'' in Jahnel, DSGVO, Article 81 GDPR, margin number 2 (Jan Sramek 2021); see also ''Schweiger'' in Knyrim, Der Datkomm, Article 81 GDPR, margin number 7, 8 (rdb.at 2019) also argues that the wording of Article 81(3) GDPR “''proceedings pending at first instance''” indicates that proceedings under Article 79 GDPR are encompassed because proceedings under Article 78 GDPR could not be considered “''first instance''” (as the court is deciding on the decision of a supervisory authority or its inactivity).</ref>
=== (1) Communication regarding parallel proceeding ===
Article 81(1) GDPR requires that the competent court of a Member State to contact the court of another Member State, when it has information that proceedings concerning the '<nowiki/>''same subject matter''<nowiki/>' by '''the same controller or processor''<nowiki/>' are pending in that court, to confirm the existence of such proceedings. The purpose of this requirement is to ensure that both Courts are made aware of parallel proceedings.
==== Obligation to contact court in another Member State ====
Article 81(1) GDPR places a positive legal obligation on the competent court to contact the court of another Member State, ''when'' it becomes aware of (possible) proceedings concerning the same subject matter pending in that court. If the same subject matter is pending in another court of the same Member State, Article 81 GDPR does not apply and the conflict is to be resolved under national law.<ref>See ''Jahnel'' in Jahnel, DSGVO, Article 81 GDPR, margin number 3 (Jan Sramek 2021).</ref>


==== Obligation to Contact Court in other Member State ====
This obligation only arises once the court becomes aware that proceedings concerning the same subject matter may be pending in the court of another Member State. In most cases, one or both parties will notify the court of pending parallel proceedings.<ref>''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3<sup>rd</sup> edition).</ref> The competent court is under no obligation to conduct proactive research to determine whether such proceedings exist.<ref>''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3<sup>rd</sup> edition).</ref> However, if the competent court ''<nowiki/>'has reason to believe that such proceedings exist''<nowiki/>',<ref>Recital 144.</ref> it must contact the court in the other Member State to confirm the matter. Due to the provision's use of the imperative '''shall [contact]''<nowiki/>', the court has no discretionary power in this respect.<ref>''Schweiger'' in Knyrim, Der Datkomm, Article 81 GDPR, margin number 11 (rdb.at 2019); sceptical ''Feldmann'' in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 15 (Bundesanzeiger Verlag 2017).</ref>
Article 81(1) GDPR addresses only '''courts that are competent''' under [[Article 78 GDPR|Article 78(3)]], [[Article 79 GDPR|Article 79(2)]] or [[Article 82 GDPR|Article 82(6)]] in connection with [[Article 79 GDPR|Article 79(2) GDPR]]<ref>''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 13 (Nomos 2018, 2<sup>nd</sup> ed.) (accessed 19.07.2021).</ref> and that are aware of (possible) proceeding concerning the '''same subject matter''' pending in a '''court of another Member State'''.<ref>If the same subject matter is pending in another court of the same Member State, Article 82 GDPR does not apply and the conflict is to be resolved under national law. See ''Jahnel'' in Jahnel, DSGVO, Article 81 GDPR, margin number 3 (Jan Sramek 2021).</ref> The competent court is under no obligation to conduct proactive research if such proceedings exist – in most cases, one or both parties will notify the court of pending parallel proceedings.<ref>''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (Beck 2020, 3<sup>rd</sup> ed.) (accessed 19 July 2021).</ref> Once the competent court is aware of such proceedings or has reason to believe that such proceedings exist,<ref>See Recital 144 sentence 1 GDPR: “[…] has reason to believe that […] ”.</ref> it has to contact the court in the other Member State to confirm the existence of such proceedings. The court has no discretionary power in this respect (“''shall contact''”).<ref>''Schweiger'' in Knyrim, Der Datkomm, Article 81 GDPR, margin number 11 (rdb.at 2019) (accessed 20.07.2021); sceptical ''Feldmann'' in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 15 (Bundesanzeiger Verlag 2017).</ref>


==== Same Subject Matter ====
==== Same subject matter ====
The question of whether the '''same subject matter''' is pending before another court is not entirely clear.The GDPR contains no definition of this term. According to Recital 144 sentence 3 GDPR, “proceedings are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.” In light of this, some scholars argue that the '''purpose of the proceedings, the facts and circumstances and the alleged GDPR infringements''' must be identical to assume that procedures concern the same subject matter.<ref>''Schweiger'' in Knyrim, Der Datkomm, Article 81 GDPR, margin number 16 (rdb.at 2019) (accessed 19 July 2021); ''Jahnel'' in Jahnel, DSGVO, Article 81 GDPR, margin number 5 (Jan Sramek 2021); similar also ''Nolte'', ''Werkmeister'' in Gola, DS-GVO, Article 81 GDPR, margin number 2 (Beck 2018, 2<sup>nd</sup> ed.) (accessed 20 July 2021).</ref> However, as Article 81(1) GDPR speaks of “processing by the same controller or processor”,  other scholars – we believe, more convincingly – argue that the '''decisive factor''' in determining whether a proceeding concerns the same subject matter is the '''processing activity''' under [[Article 4 GDPR|Article 4(2) GDPR]].<ref>''Moos, Schefzig'' in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 9 (Deutscher Fachverlag 2019, 3<sup>rd</sup> ed.) (accessed 20 July 2021); ''Feldmann'' in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 12 (Bundesanzeiger Verlag 2017).</ref> It is not required that all parties of the proceedings are identical – it is necessary that the same controller or processor conduct the processing but not that it concerns the same data subject(s).<ref>''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 9 (Beck 2020, 3<sup>rd</sup> ed.) (accessed 19 July 2021) ''Moos, Schefzig'' in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 10 (Deutscher Fachverlag 2019, 3<sup>rd</sup> ed.) (accessed 19 July 2021)); by contrast ''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 11,12 (Nomos 2018, 2<sup>nd</sup> ed.) (accessed 20 July 2021) and ''Frenzel'' in Paal, Pauly, Datenschutz-Grundverordnung Bundesdatenschutzgesetz, Article 81 GDPR, margin number 13 (Beck 2021, 3th ed.) (accessed 20 July 2021) are of the opinion that also the data subject(s) must be identical.</ref>
Parallel proceedings are only deemed to arise when they concern the '<nowiki/>''same subject matter''<nowiki/>'. Given that the GDPR does not define the concept, the meaning of '''same subject matter''<nowiki/>' must be interpreted autonomously.<ref>Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied upon (''Planet49'', Case C‑673/17, para 47).


=== (2) Authorisation to Suspend Proceedings ===
See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition).
If the requirements of Article 81(1) GDPR are fulfilled (meaning proceedings concerning the same subject matter as regards processing by the same controller or processor are pending in a court in another Member State) any competent court other than the court first seized may suspend its proceedings. Again, this only addresses competent courts (Article 78(3), Article 79(2) or Article 82(6) in connection with Article 79(2) GDPR).
</ref> However, Commentators have noted that the meaning cannot be drawn from Article 29 Brussels Ia, which establishes the concept of '<nowiki/>''same cause of action''<nowiki/>'. Instead, its meaning should be formed in light of Article 30 Brussels Ia, whose wording bears a closer resemblance to that of Article 81 GDPR and its supporting Recital 144 GDPR.<ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition)</ref>


The court is under no strict obligation to suspend the proceeding but rather has discretionary power.<ref>''Boehm'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (beck-online.de 2019) (accessed 19 July 2021).</ref> When assessing the necessity for suspension, the court must take into account Article 47 CFR and avoid overly long proceedings due to suspension<ref>''Boehm'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (beck-online.de 2019) (accessed 19 July 2021).</ref> and possible requests for the CJEU’s preliminary ruling by the court first seized.<ref>''Mundil'' in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (Beck 2021, 36th ed.) (accessed 20 July 2021).</ref> It is not necessary that a party requests the suspension; the court decides on the suspension on its own volition (contrary to Article 81(3) GDPR, Article 81(2) GDPR does not contain the requirement “''on the application of one of the parties''”) but should take into account the parties wishes/requests in its assessment.<ref>''Mundil'' in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (Beck 2021, 36th ed.) (accessed 20 July 2021).</ref>
For instance, the wording of Recital 144 mirrors that of Article 30(3) Brussels Ia, which notes that proceedings '<nowiki/>''are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.''<nowiki/>' When this Recital is read in line with Article 81(1) GDPR, it is evident that the concept of the '''same subject matter''<nowiki/>' does not necessitate that the same claim is asserted.<ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition)</ref>


=== (3) Authorisation to Decline Jurisdiction ===
Nevertheless, some scholars argue that for the purposes of Article 81(1), parallel proceedings are only deemed to have occurred when the purpose of the proceedings, the facts and circumstances and the alleged GDPR infringements are identical.<ref>''Schweiger'' in Knyrim, Der Datkomm, Article 81 GDPR, margin number 16 (rdb.at 2019); ''Jahnel'' in Jahnel, DSGVO, Article 81 GDPR, margin number 5 (Jan Sramek 2021); similar also ''Nolte'', ''Werkmeister'' in Gola, DS-GVO, Article 81 GDPR, margin number 2 (C.H. Beck 2018, 2<sup>nd</sup> edition).</ref> However, other scholars more convincingly argue that the decisive factor determining whether proceedings are deemed to have the same subject matter, is whether the claim concerns the same processing activity (as defined by [[Article 4 GDPR|Article 4(2) GDPR]]), because Article&nbsp;81(1)&nbsp;GDPR explicitly refers to '''processing by the same controller or processor''<nowiki/>'.<ref>''Moos, Schefzig'' in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 9 (Deutscher Fachverlag 2019, 3<sup>rd</sup> edition); ''Feldmann'' in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 12 (Bundesanzeiger Verlag 2017).</ref> As a result, the Article does not require that all parties to the proceedings are identical. Instead, it necessitates that the same controller or processor are party to different proceedings and that these proceedings concern the same processing activities of the controller or processor, but not that the same data subject(s) must be party to the proceedings.<ref>''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 9 (C.H. Beck 2020, 3<sup>rd</sup> edition); ''Moos, Schefzig'' in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 10 (Deutscher Fachverlag 2019, 3<sup>rd</sup> edition); by contrast ''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 11,12 (Nomos 2018, 2<sup>nd</sup> edition) and ''Frenzel'' in Paal, Pauly, Datenschutz-Grundverordnung Bundesdatenschutzgesetz, Article 81 GDPR, margin number 13 (C.H. Beck 2021, 3th edition) are of the opinion that also the data subject(s) must be identical.</ref>
Article 81(3) GDPR again addresses any competent court, other than the court first seized. The court subsequently called upon '''may also''' (meaning “instead of or in addition to suspending the proceedings under Article 81(2) GDPR”) decline jurisdiction if:


(i) one of the '''parties''' (or both parties) '''requested''' this and
=== (2) Suspension of proceedings ===
If the requirements of Article 81(1) GDPR are fulfilled (meaning, “''same subject matter''” concerning “''the same controller or processor''” simultaneously “''pending in a court in another Member State''”) any competent court other than the court first seized may suspend its proceedings. The courts are under no strict obligation to suspend the proceeding but rather have discretion in this respect.<ref>''Boehm'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (C.H. Beck 2019).</ref> Notably, the wording of Article 81(2) GDPR draws similarities with Article 29(1) Brussels Ia. However, Brussels Ia necessitates the suspension of proceedings until the jurisdiction of the court first seised is established, while the GDPR imposes no similar obligation. Under Article 81 GDPR, Courts are afforded discretion regarding the decision to suspend proceedings.<ref>''Kotschy'', in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 81 GDPR, p. 1154 (Oxford University Press 2020).</ref>


(ii) the proceedings are pending '''at first instance''' (meaning proceedings on the same subject matter, as referred to in Article 81(2) GDPR) and
When assessing the necessity for suspension, the court must take into account Article 47 of the Charter of Fundamental Rights of the European Union (‘''CFR''’), and avoid overly long proceedings due to suspension.<ref>''Boehm'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (Beck 2019, 1st edition); ''Mundil'' in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (C.H. Beck 2021, 36th edition).</ref> It is not necessary that a party requests the suspension. The court decides on the suspension on its own volition. Contrary to Article 81(3) GDPR, Article 81(2) GDPR does not require that proceedings are suspended only '''on the application of one of the parties''<nowiki/>', but nevertheless, the competent court should take into account the parties' wishes and requests in its assessment.<ref>''Mundil'' in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (C.H. Beck 2021, 36th edition).</ref>


(iii) the '''court first seized has jurisdiction''' over the actions in question (meaning also over the action filed with the court subsequently called upon) and
==== Pending ====
Article 81(2) GDPR imposes temporal considerations, as only <span id="1">competent courts other than the court first seised may suspend their proceedings. The concept of pendency determines the court first seised. However, as the GDPR does not define this concept, its meaning must be interpreted autonomously through Union law. Commentators have suggested that the notion of pendency should be determined through the criteria of Article 32 Brussels Ia, which refers to the date of filing with the court.</span><ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 15 (C.H. Beck 2020, 3<sup>rd</sup> edition).</ref> If both proceedings are pending at the same time, then neither court has the option to suspend proceedings.<ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 14 (C.H. Beck 2020, 3<sup>rd</sup> edition).</ref>


(iv) the '''Member State law''' applicable on the proceedings pending in the court first seized '''permits the consolidation''' of the actions in question.
=== (3) Consolidation of proceedings ===
Article 81(3) GDPR allows for the consolidation of proceedings. The consolidation of proceedings occurs once all competent courts, other than the court first seised, decline jurisdiction. Just as Article 81(2) GDPR affords courts the discretion to suspend proceedings, so does Article 81(3) GDPR in relation to the consolidation of proceedings.<ref>''Nemitz'' in Ehmann, Selmayr, DS-GVO, Article 81 GDPR, margin number 8 (C.H. Beck 2018, 2<sup>nd</sup> edition); also see ''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 22 (Nomos 2018, 2<sup>nd</sup> edition).</ref>


The fulfilment of requirement (iv) is a question of Member State law. As not all Member States might provide for consolidation of legal actions pending in different Member States this requirement substantially narrows the scope of applicability of Article 81(3) GDPR.<ref>See ''Mundil'' in Wolff/Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 11 (Beck 2021, 36th ed.) (accessed 20 July 2021).</ref> Furthermore, it remains unclear how the court subsequently called upon is supposed to assess with sufficient legal certainty if requirements (iii) and (iv) are fulfilled regarding the court first seized.<ref>''Moos, Schefzig'' in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 23 (Deutscher Fachverlag 2019, 3<sup>rd</sup> ed.) (accessed 20 July 2021). </ref> From a practical viewpoint, this requires certain communication and coordination between courts in different Member States.
The provision stipulates that where parallel proceedings are pending at first instance, any court other than the court first seised may also, on the application of one of the parties, decline jurisdiction if the court first seised has jurisdiction over the actions in question and its law permits the consolidation of the existing proceedings. Consequently Article 81(3) GDPR establishes several cumulative conditions for the consolidation of proceedings: 


Like the suspension under Article 81(2) GDPR, the decision on declining jurisdiction under Article 81(3) GDPR is subject to the court’s discretionary power.<ref>''Nemitz'' in Ehmann, Selmayr, DS-GVO, Article 81 GDPR, margin number 8 (Beck 2018, 2<sup>nd</sup> ed.) (accessed 20 July 2021); also see ''Kreße'' in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 22 (Nomos 2018, 2<sup>nd</sup> ed.) (accessed 20 July 2021).</ref>
(i) one of the parties (or both parties) have requested that the relevant court decline jurisdiction; 
 
(ii) all proceedings are still pending at first instance; 
 
(iii) the court first seised has jurisdiction over the actions in question; and 
 
(iv) the Member State law applicable to the proceedings pending in the court first seised permits the consolidation of the proceedings.
 
The fulfilment of requirement (iv) is a question of Member State law. As not all Member States might provide for the consolidation of legal actions pending in different Member States, this requirement substantially narrows the scope of applicability of Article 81(3) GDPR.<ref>''Mundil'' in Wolff/Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 11 (C.H. Beck 2021, 36th edition).</ref> Furthermore, it remains unclear how the court subsequently called upon are supposed to assess with sufficient legal certainty if requirements (iii) and (iv) are fulfilled, regarding the court first seised.<ref>''Moos, Schefzig'' in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 23 (Deutscher Fachverlag 2019, 3<sup>rd</sup> edition).</ref> From a practical viewpoint, these requirements necessitate certain communication and coordination between courts in different Member States. 


== Decisions ==
== Decisions ==

Latest revision as of 14:52, 16 November 2023

Article 81 - Suspension of proceedings
Gdpricon.png
Chapter 10: Delegated and implementing acts

Legal Text


Article 81 - Suspension of proceedings

1. Where a competent court of a Member State has information on proceedings, concerning the same subject matter as regards processing by the same controller or processor, that are pending in a court in another Member State, it shall contact that court in the other Member State to confirm the existence of such proceedings.

2. Where proceedings concerning the same subject matter as regards processing of the same controller or processor are pending in a court in another Member State, any competent court other than the court first seized may suspend its proceedings.

3. Where those proceedings are pending at first instance, any court other than the court first seized may also, on the application of one of the parties, decline jurisdiction if the court first seized has jurisdiction over the actions in question and its law permits the consolidation thereof.

Relevant Recitals

Recital 144: Lis Alibi Pendens
Where a court seized of proceedings against a decision by a supervisory authority has reason to believe that proceedings concerning the same processing, such as the same subject matter as regards processing by the same controller or processor, or the same cause of action, are brought before a competent court in another Member State, it should contact that court in order to confirm the existence of such related proceedings. If related proceedings are pending before a court in another Member State, any court other than the court first seized may stay its proceedings or may, on request of one of the parties, decline jurisdiction in favour of the court first seized if that court has jurisdiction over the proceedings in question and its law permits the consolidation of such related proceedings. Proceedings are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.

Commentary

Article 81 GDPR regulates the suspension of judicial proceedings in multiple Member States in the context of data protection. The Article addresses issues of coordination where parallel proceedings are brought in the courts of different Member States. The lis pendens rules under Article 81 GDPR differ slightly from those under the Brussels I Regulation (Recast) (Regulation (EU) No 1215/2012) ('Brussels Ia'). Nonetheless, both serve the purpose of preventing contradictory decisions on the same subject matter. Namely, the difference lies with Article 81(2) GDPR, which allows courts discretion to suspend their proceedings. No such discretion exists under the Brussels Ia.

Notably, Article 81's relevance is confined to proceedings related to the private sector. Proceedings against controllers or processors which act as public bodies are confined to the national courts of the Member States where the public body is established.[1] However, in Member States that have a separation between administrative and civil courts (e.g. France, Germany, Italy or Austria) both types of court are subject to Article 81 GDPR.

Scope of Article 81 GDPR

There exist differing opinions among legal scholars as to the scope of Article 81 GDPR. In particular, the discussion concerns what type of court proceedings fall under its ambit. Some Commentators have interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence of Recital 144 GDPR refers to 'court[s] seized of proceedings against a decision by a supervisory authority', but makes no mention of proceedings against a controller or processor, which are subject to Article 79 GDPR.[2] They have interpreted this sentence to have implicitly restricted the applicability of Article 81 GDPR.

This is a reading that we reject. The prevailing opinion, one which we affirm, is that Article 81 GDPR applies to proceedings both under Articles 78 and 79 GDPR. This broader reading of Article 81 GDPR is supported by several interpretative grounds. Firstly, the explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the purpose of Article 81 GDPR is to prevent contradictory decisions arising from parallel proceedings. Consequently, it goes against the provision's purpose to take a restrictive reading of its scope. Lastly, Recital 144 GDPR holds no normative authority. Thus, it cannot limit the scope of a GDPR provision where the GDPR itself does not impose any formal restrictions on the Article's applicability.[3]

(1) Communication regarding parallel proceeding

Article 81(1) GDPR requires that the competent court of a Member State to contact the court of another Member State, when it has information that proceedings concerning the 'same subject matter' by 'the same controller or processor' are pending in that court, to confirm the existence of such proceedings. The purpose of this requirement is to ensure that both Courts are made aware of parallel proceedings.

Obligation to contact court in another Member State

Article 81(1) GDPR places a positive legal obligation on the competent court to contact the court of another Member State, when it becomes aware of (possible) proceedings concerning the same subject matter pending in that court. If the same subject matter is pending in another court of the same Member State, Article 81 GDPR does not apply and the conflict is to be resolved under national law.[4]

This obligation only arises once the court becomes aware that proceedings concerning the same subject matter may be pending in the court of another Member State. In most cases, one or both parties will notify the court of pending parallel proceedings.[5] The competent court is under no obligation to conduct proactive research to determine whether such proceedings exist.[6] However, if the competent court 'has reason to believe that such proceedings exist',[7] it must contact the court in the other Member State to confirm the matter. Due to the provision's use of the imperative 'shall [contact]', the court has no discretionary power in this respect.[8]

Same subject matter

Parallel proceedings are only deemed to arise when they concern the 'same subject matter'. Given that the GDPR does not define the concept, the meaning of 'same subject matter' must be interpreted autonomously.[9] However, Commentators have noted that the meaning cannot be drawn from Article 29 Brussels Ia, which establishes the concept of 'same cause of action'. Instead, its meaning should be formed in light of Article 30 Brussels Ia, whose wording bears a closer resemblance to that of Article 81 GDPR and its supporting Recital 144 GDPR.[10]

For instance, the wording of Recital 144 mirrors that of Article 30(3) Brussels Ia, which notes that proceedings 'are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.' When this Recital is read in line with Article 81(1) GDPR, it is evident that the concept of the 'same subject matter' does not necessitate that the same claim is asserted.[11]

Nevertheless, some scholars argue that for the purposes of Article 81(1), parallel proceedings are only deemed to have occurred when the purpose of the proceedings, the facts and circumstances and the alleged GDPR infringements are identical.[12] However, other scholars more convincingly argue that the decisive factor determining whether proceedings are deemed to have the same subject matter, is whether the claim concerns the same processing activity (as defined by Article 4(2) GDPR), because Article 81(1) GDPR explicitly refers to 'processing by the same controller or processor'.[13] As a result, the Article does not require that all parties to the proceedings are identical. Instead, it necessitates that the same controller or processor are party to different proceedings and that these proceedings concern the same processing activities of the controller or processor, but not that the same data subject(s) must be party to the proceedings.[14]

(2) Suspension of proceedings

If the requirements of Article 81(1) GDPR are fulfilled (meaning, “same subject matter” concerning “the same controller or processor” simultaneously “pending in a court in another Member State”) any competent court other than the court first seized may suspend its proceedings. The courts are under no strict obligation to suspend the proceeding but rather have discretion in this respect.[15] Notably, the wording of Article 81(2) GDPR draws similarities with Article 29(1) Brussels Ia. However, Brussels Ia necessitates the suspension of proceedings until the jurisdiction of the court first seised is established, while the GDPR imposes no similar obligation. Under Article 81 GDPR, Courts are afforded discretion regarding the decision to suspend proceedings.[16]

When assessing the necessity for suspension, the court must take into account Article 47 of the Charter of Fundamental Rights of the European Union (‘CFR’), and avoid overly long proceedings due to suspension.[17] It is not necessary that a party requests the suspension. The court decides on the suspension on its own volition. Contrary to Article 81(3) GDPR, Article 81(2) GDPR does not require that proceedings are suspended only 'on the application of one of the parties', but nevertheless, the competent court should take into account the parties' wishes and requests in its assessment.[18]

Pending

Article 81(2) GDPR imposes temporal considerations, as only competent courts other than the court first seised may suspend their proceedings. The concept of pendency determines the court first seised. However, as the GDPR does not define this concept, its meaning must be interpreted autonomously through Union law. Commentators have suggested that the notion of pendency should be determined through the criteria of Article 32 Brussels Ia, which refers to the date of filing with the court.[19] If both proceedings are pending at the same time, then neither court has the option to suspend proceedings.[20]

(3) Consolidation of proceedings

Article 81(3) GDPR allows for the consolidation of proceedings. The consolidation of proceedings occurs once all competent courts, other than the court first seised, decline jurisdiction. Just as Article 81(2) GDPR affords courts the discretion to suspend proceedings, so does Article 81(3) GDPR in relation to the consolidation of proceedings.[21]

The provision stipulates that where parallel proceedings are pending at first instance, any court other than the court first seised may also, on the application of one of the parties, decline jurisdiction if the court first seised has jurisdiction over the actions in question and its law permits the consolidation of the existing proceedings. Consequently Article 81(3) GDPR establishes several cumulative conditions for the consolidation of proceedings:

(i) one of the parties (or both parties) have requested that the relevant court decline jurisdiction;

(ii) all proceedings are still pending at first instance;

(iii) the court first seised has jurisdiction over the actions in question; and

(iv) the Member State law applicable to the proceedings pending in the court first seised permits the consolidation of the proceedings.

The fulfilment of requirement (iv) is a question of Member State law. As not all Member States might provide for the consolidation of legal actions pending in different Member States, this requirement substantially narrows the scope of applicability of Article 81(3) GDPR.[22] Furthermore, it remains unclear how the court subsequently called upon are supposed to assess with sufficient legal certainty if requirements (iii) and (iv) are fulfilled, regarding the court first seised.[23] From a practical viewpoint, these requirements necessitate certain communication and coordination between courts in different Member States.

Decisions

→ You can find all related decisions in Category:Article 81 GDPR

References

  1. Kotschy, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 81 GDPR, p. 1154 (Oxford University Press 2020).
  2. Feiler, Forgó, EU-DSGVO, Article 81 GDPR, margin number 1 (Verlag Österreich 2017); also see Feldmann in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 10 (Bundesanzeiger Verlag 2017).
  3. Mundil in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 8 (C.H. Beck 2021, 36th edition); Boehm in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 18 (C.H. Beck 2019); Kreße in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 1 (Nomos 2018, 2nd edition); Nolte, Werkmeister in Gola, DS-GVO, Article 81 GDPR, margin number 2 (C.H. Beck2018, 2nd edition); Jahnel in Jahnel, DSGVO, Article 81 GDPR, margin number 2 (Jan Sramek 2021); see also Schweiger in Knyrim, Der Datkomm, Article 81 GDPR, margin number 7, 8 (rdb.at 2019) also argues that the wording of Article 81(3) GDPR “proceedings pending at first instance” indicates that proceedings under Article 79 GDPR are encompassed because proceedings under Article 78 GDPR could not be considered “first instance” (as the court is deciding on the decision of a supervisory authority or its inactivity).
  4. See Jahnel in Jahnel, DSGVO, Article 81 GDPR, margin number 3 (Jan Sramek 2021).
  5. Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition).
  6. Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition).
  7. Recital 144.
  8. Schweiger in Knyrim, Der Datkomm, Article 81 GDPR, margin number 11 (rdb.at 2019); sceptical Feldmann in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 15 (Bundesanzeiger Verlag 2017).
  9. Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied upon (Planet49, Case C‑673/17, para 47). See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3rd edition).
  10. See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3rd edition)
  11. See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3rd edition)
  12. Schweiger in Knyrim, Der Datkomm, Article 81 GDPR, margin number 16 (rdb.at 2019); Jahnel in Jahnel, DSGVO, Article 81 GDPR, margin number 5 (Jan Sramek 2021); similar also Nolte, Werkmeister in Gola, DS-GVO, Article 81 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition).
  13. Moos, Schefzig in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 9 (Deutscher Fachverlag 2019, 3rd edition); Feldmann in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 12 (Bundesanzeiger Verlag 2017).
  14. Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 9 (C.H. Beck 2020, 3rd edition); Moos, Schefzig in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 10 (Deutscher Fachverlag 2019, 3rd edition); by contrast Kreße in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 11,12 (Nomos 2018, 2nd edition) and Frenzel in Paal, Pauly, Datenschutz-Grundverordnung Bundesdatenschutzgesetz, Article 81 GDPR, margin number 13 (C.H. Beck 2021, 3th edition) are of the opinion that also the data subject(s) must be identical.
  15. Boehm in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (C.H. Beck 2019).
  16. Kotschy, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 81 GDPR, p. 1154 (Oxford University Press 2020).
  17. Boehm in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (Beck 2019, 1st edition); Mundil in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (C.H. Beck 2021, 36th edition).
  18. Mundil in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (C.H. Beck 2021, 36th edition).
  19. See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition).
  20. See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 14 (C.H. Beck 2020, 3rd edition).
  21. Nemitz in Ehmann, Selmayr, DS-GVO, Article 81 GDPR, margin number 8 (C.H. Beck 2018, 2nd edition); also see Kreße in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 22 (Nomos 2018, 2nd edition).
  22. Mundil in Wolff/Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 11 (C.H. Beck 2021, 36th edition).
  23. Moos, Schefzig in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 23 (Deutscher Fachverlag 2019, 3rd edition).