Article 59 GDPR

From GDPRhub
Revision as of 20:39, 17 October 2023 by Ng (talk | contribs) (→‎Commentary)
Article 59 - Activity reports
Gdpricon.png
Chapter 10: Delegated and implementing acts

Legal Text


Article 59 - Activity reports

Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2). Those reports shall be transmitted to the national parliament, the government and other authorities as designated by Member State law. They shall be made available to the public, to the Commission and to the Board.

Relevant Recitals

No recitals seem to be available for this provision.

Commentary

The main goal of the activity reports regulated by Article 59 GDPR consists of informing national and EU authorities as well as the larger public about the activities the supervasory authority (SA) has performed over the previous year. These materials also contribute to developing a common opinion among different SAs over new or contentious data protection issues. In the black-letter of the law, the report ”may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2)”. This wording does not seem to impose the authority a tight constraint in terms of contents. The report may include that information but if it does not, it is unlikely to be invalid. However, the report cannot end up resulting in a sterile formalistic exercise, carrying no substantive information. This would conflict with the accountability and transparency purpose enshrined by the provision itself and should therefore be avoided.[1]

Decisions

→ You can find all related decisions in Category:Article 59 GDPR

References

  1. Similarly, see Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020).