CJEU - C-614/10 - Commission v. Austria

From GDPRhub
Revision as of 14:33, 18 November 2024 by Fb (talk | contribs)
CJEU - C-614/10 Commission v. Austria
Cjeulogo.png
Court: CJEU
Jurisdiction: European Union
Relevant Law:
Article 16(2) TFEU
Article 28(1) Directive 95/46/EC
Article 8(3) Charter
§ 36(3) DSG 2000
§ 37(1) DSG 2000
§ 38(1) DSG 2000
§ 38(2) DSG 2000
§ 45(1) BDG 1979
Artikel 20(2) BVG
Decided: 16.10.2012
Parties: European Commission
Republik Österreich
Case Number/Name: C-614/10 Commission v. Austria
European Case Law Identifier: ECLI:EU:C:2012:631
Reference from:
Language: 24 EU Languages
Original Source: AG Opinion
Judgement
Initial Contributor: fb


The CJEU held that the organisation of the former Austrian DPA was not compliant with the requirement of independence set by Article 28(1) of Directive 95/46/EC. Indeed, the DPA was indirectly under the influence of the Federal Chancellery.

English Summary

Facts

On 5 July 2005 the European Commission sent a letter of formal notice to the Republic of Austria in which it claimed that the organisation of the Austrian Data Protection Commission (Datenschutzkommission – DSK) failed to satisfy the criterion of independence set out in the second subparagraph of Article 28(1) of Directive 95/46/EC.

The Commission did not consider the observations of the Republic of Austria satisfactory and, therefore, issued a reasoned opinion pursuant to Article 258(1) TFEU.

On 9 December 2009, the European Commission brought the matter in front of the Court of Justice of the European Union.

The Commission and the EDPS noted that, according to the then-current national law, the managing member of DSK needed to be a member of the Federal Chancellery (Bundeskanzleramt). More in general, they pointed out that the office of DSK was structurally integrated with the departments of the Chancellery. They argued that this was contrary to the criterion of independence set out in the second subparagraph of Article 28(1) of Directive 95/46/EC, as staff members were subject to the supervision of the Chancellery.

The Republic of Austria argued that the requirement of set by the second subparagraph of Article 28(1) of Directive 95/46/EC relates to “functional independence” and that the DSK had such independence, since § 37(1) of the then-in force Austrian Data Protection Code (Datenschutzgesetz - DSG 2000) provided for its members to be independent and not to be bound by instructions given by the government. It pointed out that the managing member did not necessarily need to be a member of the Chancellery and could be chosen among lawyers working in the federal public administration.

Holding

Firstly, the court noted that Article 8(3) of the Charter, Article 16(2) TFEU and Article 28(1) of Directive 95/46/EC require Member States to have a supervisory authority which have complete independence. The court found that the independence of the supervisory authority is an essential component of the protection of individuals with regard to the processing of personal data.

Secondly, the court set aside the argument of the Republic of Austria that the DSK has a sufficient degree of independence since it satisfied the condition of independence inherent in Article 267 TFEU for it to qualify as a court or tribunal of a Member State. The court held that the notion of “complete independence” under data protection law is autonomous and independent from the one under Article 267 TFEU.

Thirdly, the court gave its interpretation of the concept of “complete independence” set by Article 28(1) of Directive 95/46/EC. To do that, the court referred to its previous judgement C-518/07, Commission v. Germany. In this judgement, it had held that this concept should be interpreted as meaning that the supervisory authorities must enjoy an independence which allows them to perform their duties free from any external influence, direct or indirect, which is liable to have an effect on their decisions.

Applying this principle to the case at hand, the court found that the requisite of functional independence, like the one accorded to the DSK, is a condition which is essential to have a “complete independence”. However, this condition by itself is not sufficient to protect that supervisory authority from all external influence.

On the contrary, according to the court, some pieces of Austrian legislation did not allow the DSK to be completely free from any indirect influence. For example, according to § 36(3) and § 38(1) DSG 2000 the managing member of the DSK is a federal official.

Moreover, § 45(1) of the 1979 Law on the conditions of service of officials (Beamten-Dienstrechtsgesetz 1979 - BDG 1979) grants the hierarchical superior an extensive power of supervision over their officials and to encourage the promotion of their staff.

Furthermore, the court held that the fact that the staff of the DSK was composed by federal officials was not compliant with the independence requirement, given that these officials are subject to supervision by the Federal Chancellery within the terms of § 45(1) BDG 1979.

Finally, the court noted that the Federal Chancellor has the right to be informed at all times by the chairman and the managing member of all aspects of the work of the DSK, according to Article 20(2) of the Federal Constitutional Law (Bundes Verfassungsgesetz – BVG) and § 38(2) DSG 2000.

On this matter, the court ruled that such a right to information is also liable to subject the DSK to indirect influence, given that it is far-reaching as it covers “all aspects of the work of the DSK” and that it is unconditional.

On these grounds, the CJEU held that, by failing to take all of the measures necessary to ensure that the legislation in force in Austria meets the requirement of independence, the Republic of Austria has failed to fulfil its obligations under Article 28(1) of Directive 95/46/EC.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!