Article 81 GDPR: Difference between revisions
Line 214: | Line 214: | ||
==== Same subject matter ==== | ==== Same subject matter ==== | ||
Parallel proceedings are only deemed to arise when they concern the | Parallel proceedings are only deemed to arise when they concern the 'same subject matter'. Given that the GDPR does not define the concept, the meaning of same subject matter' must be interpreted autonomously.<ref>Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied upon (''Planet49'', Case C‑673/17, para 47). | ||
See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition). | See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition). | ||
</ref> However, Commentators have noted that the meaning cannot be drawn from Article 29 Brussels Ia, which establishes the concept of | </ref> However, Commentators have noted that the meaning cannot be drawn from Article 29 Brussels Ia, which establishes the concept of 'same cause of action. Instead, its meaning should be formed in light of Article 30 Brussels Ia, whose wording bears a closer resemblance to that of Article 81 GDPR and its supporting Recital 144 GDPR.<ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition)</ref> | ||
For instance, the wording of Recital 144 mirrors that of Article 30(3) Brussels Ia, which notes that proceedings '<nowiki/>''are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.''<nowiki/>' When this Recital is read in line with Article 81(1) GDPR, it is evident that the concept of the '''same subject matter''<nowiki/>' does not necessitate that the same claim is asserted.<ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition)</ref> | For instance, the wording of Recital 144 mirrors that of Article 30(3) Brussels Ia, which notes that proceedings '<nowiki/>''are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.''<nowiki/>' When this Recital is read in line with Article 81(1) GDPR, it is evident that the concept of the '''same subject matter''<nowiki/>' does not necessitate that the same claim is asserted.<ref>See ''Bergt'' in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3<sup>rd</sup> edition)</ref> |
Revision as of 14:51, 16 November 2023
Legal Text
1. Where a competent court of a Member State has information on proceedings, concerning the same subject matter as regards processing by the same controller or processor, that are pending in a court in another Member State, it shall contact that court in the other Member State to confirm the existence of such proceedings.
2. Where proceedings concerning the same subject matter as regards processing of the same controller or processor are pending in a court in another Member State, any competent court other than the court first seized may suspend its proceedings.
3. Where those proceedings are pending at first instance, any court other than the court first seized may also, on the application of one of the parties, decline jurisdiction if the court first seized has jurisdiction over the actions in question and its law permits the consolidation thereof.
Relevant Recitals
Commentary
Article 81 GDPR regulates the suspension of judicial proceedings in multiple Member States in the context of data protection. The Article addresses issues of coordination where parallel proceedings are brought in the courts of different Member States. The lis pendens rules under Article 81 GDPR differ slightly from those under the Brussels I Regulation (Recast) (Regulation (EU) No 1215/2012) ('Brussels Ia'). Nonetheless, both serve the purpose of preventing contradictory decisions on the same subject matter. Namely, the difference lies with Article 81(2) GDPR, which allows courts discretion to suspend their proceedings. No such discretion exists under the Brussels Ia.
Notably, Article 81's relevance is confined to proceedings related to the private sector. Proceedings against controllers or processors which act as public bodies are confined to the national courts of the Member States where the public body is established.[1] However, in Member States that have a separation between administrative and civil courts (e.g. France, Germany, Italy or Austria) both types of court are subject to Article 81 GDPR.
Scope of Article 81 GDPR
There exist differing opinions among legal scholars as to the scope of Article 81 GDPR. In particular, the discussion concerns what type of court proceedings fall under its ambit. Some Commentators have interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence of Recital 144 GDPR refers to 'court[s] seized of proceedings against a decision by a supervisory authority', but makes no mention of proceedings against a controller or processor, which are subject to Article 79 GDPR.[2] They have interpreted this sentence to have implicitly restricted the applicability of Article 81 GDPR.
This is a reading that we reject. The prevailing opinion, one which we affirm, is that Article 81 GDPR applies to proceedings both under Articles 78 and 79 GDPR. This broader reading of Article 81 GDPR is supported by several interpretative grounds. Firstly, the explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the purpose of Article 81 GDPR is to prevent contradictory decisions arising from parallel proceedings. Consequently, it goes against the provision's purpose to take a restrictive reading of its scope. Lastly, Recital 144 GDPR holds no normative authority. Thus, it cannot limit the scope of a GDPR provision where the GDPR itself does not impose any formal restrictions on the Article's applicability.[3]
(1) Communication regarding parallel proceeding
Article 81(1) GDPR requires that the competent court of a Member State to contact the court of another Member State, when it has information that proceedings concerning the 'same subject matter' by 'the same controller or processor' are pending in that court, to confirm the existence of such proceedings. The purpose of this requirement is to ensure that both Courts are made aware of parallel proceedings.
Obligation to contact court in another Member State
Article 81(1) GDPR places a positive legal obligation on the competent court to contact the court of another Member State, when it becomes aware of (possible) proceedings concerning the same subject matter pending in that court. If the same subject matter is pending in another court of the same Member State, Article 81 GDPR does not apply and the conflict is to be resolved under national law.[4]
This obligation only arises once the court becomes aware that proceedings concerning the same subject matter may be pending in the court of another Member State. In most cases, one or both parties will notify the court of pending parallel proceedings.[5] The competent court is under no obligation to conduct proactive research to determine whether such proceedings exist.[6] However, if the competent court 'has reason to believe that such proceedings exist',[7] it must contact the court in the other Member State to confirm the matter. Due to the provision's use of the imperative 'shall [contact]', the court has no discretionary power in this respect.[8]
Same subject matter
Parallel proceedings are only deemed to arise when they concern the 'same subject matter'. Given that the GDPR does not define the concept, the meaning of same subject matter' must be interpreted autonomously.[9] However, Commentators have noted that the meaning cannot be drawn from Article 29 Brussels Ia, which establishes the concept of 'same cause of action. Instead, its meaning should be formed in light of Article 30 Brussels Ia, whose wording bears a closer resemblance to that of Article 81 GDPR and its supporting Recital 144 GDPR.[10]
For instance, the wording of Recital 144 mirrors that of Article 30(3) Brussels Ia, which notes that proceedings 'are deemed to be related where they are so closely connected that it is expedient to hear and determine them together in order to avoid the risk of irreconcilable judgments resulting from separate proceedings.' When this Recital is read in line with Article 81(1) GDPR, it is evident that the concept of the 'same subject matter' does not necessitate that the same claim is asserted.[11]
Nevertheless, some scholars argue that for the purposes of Article 81(1), parallel proceedings are only deemed to have occurred when the purpose of the proceedings, the facts and circumstances and the alleged GDPR infringements are identical.[12] However, other scholars more convincingly argue that the decisive factor determining whether proceedings are deemed to have the same subject matter, is whether the claim concerns the same processing activity (as defined by Article 4(2) GDPR), because Article 81(1) GDPR explicitly refers to 'processing by the same controller or processor'.[13] As a result, the Article does not require that all parties to the proceedings are identical. Instead, it necessitates that the same controller or processor are party to different proceedings and that these proceedings concern the same processing activities of the controller or processor, but not that the same data subject(s) must be party to the proceedings.[14]
(2) Suspension of proceedings
If the requirements of Article 81(1) GDPR are fulfilled (meaning, “same subject matter” concerning “the same controller or processor” simultaneously “pending in a court in another Member State”) any competent court other than the court first seized may suspend its proceedings. The courts are under no strict obligation to suspend the proceeding but rather have discretion in this respect.[15] Notably, the wording of Article 81(2) GDPR draws similarities with Article 29(1) Brussels Ia. However, Brussels Ia necessitates the suspension of proceedings until the jurisdiction of the court first seised is established, while the GDPR imposes no similar obligation. Under Article 81 GDPR, Courts are afforded discretion regarding the decision to suspend proceedings.[16]
When assessing the necessity for suspension, the court must take into account Article 47 of the Charter of Fundamental Rights of the European Union (‘CFR’), and avoid overly long proceedings due to suspension.[17] It is not necessary that a party requests the suspension. The court decides on the suspension on its own volition. Contrary to Article 81(3) GDPR, Article 81(2) GDPR does not require that proceedings are suspended only 'on the application of one of the parties', but nevertheless, the competent court should take into account the parties' wishes and requests in its assessment.[18]
Pending
Article 81(2) GDPR imposes temporal considerations, as only competent courts other than the court first seised may suspend their proceedings. The concept of pendency determines the court first seised. However, as the GDPR does not define this concept, its meaning must be interpreted autonomously through Union law. Commentators have suggested that the notion of pendency should be determined through the criteria of Article 32 Brussels Ia, which refers to the date of filing with the court.[19] If both proceedings are pending at the same time, then neither court has the option to suspend proceedings.[20]
(3) Consolidation of proceedings
Article 81(3) GDPR allows for the consolidation of proceedings. The consolidation of proceedings occurs once all competent courts, other than the court first seised, decline jurisdiction. Just as Article 81(2) GDPR affords courts the discretion to suspend proceedings, so does Article 81(3) GDPR in relation to the consolidation of proceedings.[21]
The provision stipulates that where parallel proceedings are pending at first instance, any court other than the court first seised may also, on the application of one of the parties, decline jurisdiction if the court first seised has jurisdiction over the actions in question and its law permits the consolidation of the existing proceedings. Consequently Article 81(3) GDPR establishes several cumulative conditions for the consolidation of proceedings:
(i) one of the parties (or both parties) have requested that the relevant court decline jurisdiction;
(ii) all proceedings are still pending at first instance;
(iii) the court first seised has jurisdiction over the actions in question; and
(iv) the Member State law applicable to the proceedings pending in the court first seised permits the consolidation of the proceedings.
The fulfilment of requirement (iv) is a question of Member State law. As not all Member States might provide for the consolidation of legal actions pending in different Member States, this requirement substantially narrows the scope of applicability of Article 81(3) GDPR.[22] Furthermore, it remains unclear how the court subsequently called upon are supposed to assess with sufficient legal certainty if requirements (iii) and (iv) are fulfilled, regarding the court first seised.[23] From a practical viewpoint, these requirements necessitate certain communication and coordination between courts in different Member States.
Decisions
→ You can find all related decisions in Category:Article 81 GDPR
References
- ↑ Kotschy, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 81 GDPR, p. 1154 (Oxford University Press 2020).
- ↑ Feiler, Forgó, EU-DSGVO, Article 81 GDPR, margin number 1 (Verlag Österreich 2017); also see Feldmann in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 10 (Bundesanzeiger Verlag 2017).
- ↑ Mundil in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 8 (C.H. Beck 2021, 36th edition); Boehm in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 18 (C.H. Beck 2019); Kreße in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 1 (Nomos 2018, 2nd edition); Nolte, Werkmeister in Gola, DS-GVO, Article 81 GDPR, margin number 2 (C.H. Beck2018, 2nd edition); Jahnel in Jahnel, DSGVO, Article 81 GDPR, margin number 2 (Jan Sramek 2021); see also Schweiger in Knyrim, Der Datkomm, Article 81 GDPR, margin number 7, 8 (rdb.at 2019) also argues that the wording of Article 81(3) GDPR “proceedings pending at first instance” indicates that proceedings under Article 79 GDPR are encompassed because proceedings under Article 78 GDPR could not be considered “first instance” (as the court is deciding on the decision of a supervisory authority or its inactivity).
- ↑ See Jahnel in Jahnel, DSGVO, Article 81 GDPR, margin number 3 (Jan Sramek 2021).
- ↑ Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition).
- ↑ Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition).
- ↑ Recital 144.
- ↑ Schweiger in Knyrim, Der Datkomm, Article 81 GDPR, margin number 11 (rdb.at 2019); sceptical Feldmann in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 15 (Bundesanzeiger Verlag 2017).
- ↑ Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied upon (Planet49, Case C‑673/17, para 47). See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3rd edition).
- ↑ See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3rd edition)
- ↑ See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 7 (C.H. Beck 2020, 3rd edition)
- ↑ Schweiger in Knyrim, Der Datkomm, Article 81 GDPR, margin number 16 (rdb.at 2019); Jahnel in Jahnel, DSGVO, Article 81 GDPR, margin number 5 (Jan Sramek 2021); similar also Nolte, Werkmeister in Gola, DS-GVO, Article 81 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition).
- ↑ Moos, Schefzig in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 9 (Deutscher Fachverlag 2019, 3rd edition); Feldmann in Gierschmann, Schlender, Stentzel, Veil, Article 81 GDPR, margin number 12 (Bundesanzeiger Verlag 2017).
- ↑ Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 9 (C.H. Beck 2020, 3rd edition); Moos, Schefzig in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 10 (Deutscher Fachverlag 2019, 3rd edition); by contrast Kreße in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 11,12 (Nomos 2018, 2nd edition) and Frenzel in Paal, Pauly, Datenschutz-Grundverordnung Bundesdatenschutzgesetz, Article 81 GDPR, margin number 13 (C.H. Beck 2021, 3th edition) are of the opinion that also the data subject(s) must be identical.
- ↑ Boehm in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (C.H. Beck 2019).
- ↑ Kotschy, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 81 GDPR, p. 1154 (Oxford University Press 2020).
- ↑ Boehm in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 81 GDPR, margin number 35 (Beck 2019, 1st edition); Mundil in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (C.H. Beck 2021, 36th edition).
- ↑ Mundil in Wolff, Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 10 (C.H. Beck 2021, 36th edition).
- ↑ See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition).
- ↑ See Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 14 (C.H. Beck 2020, 3rd edition).
- ↑ Nemitz in Ehmann, Selmayr, DS-GVO, Article 81 GDPR, margin number 8 (C.H. Beck 2018, 2nd edition); also see Kreße in Sydow, Europäische Datenschutzgrundverordnung, Article 81 GDPR, margin number 22 (Nomos 2018, 2nd edition).
- ↑ Mundil in Wolff/Brink, BeckOK DatenschutzR, Article 81 GDPR, margin number 11 (C.H. Beck 2021, 36th edition).
- ↑ Moos, Schefzig in Taeger, Gabel, DSGVO – BDSG, Article 81 GDPR margin number 23 (Deutscher Fachverlag 2019, 3rd edition).