Article 59 GDPR
Legal Text
Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2). Those reports shall be transmitted to the national parliament, the government and other authorities as designated by Member State law. They shall be made available to the public, to the Commission and to the Board.
Relevant Recitals
No recitals seem to be available for this provision.
Commentary
The main goal of the activity reports regulated by Article 59 GDPR consists of informing national and EU authorities as well as the larger public about the activities the data protection authority has performed over the previous year. Scholars highlights that these materials also contribute in developing a common opinion among different DPAs over new or contentious data protection issues.[1]
In the black-letter of the law, the report "may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2)". This wording does not seem to impose the authority a tight constraint in terms of contents. The report may include that information but if it does not, it is unlikely to be invalid. However, the report cannot end up resulting in a sterile formalistic exercise, carrying no substantive information. This would conflict with the accountability and transparency purpose enshrined by the provision itself and should therefore be avoided. [2]
Decisions
→ You can find all related decisions in Category:Article 59 GDPR