CJEU - C-175/20 - Valsts ieņēmumu dienests

From GDPRhub
CJEU - C-175/20 Valsts ieņēmumu dienests
Cjeulogo.png
Court: CJEU
Jurisdiction: European Union
Relevant Law: Article 5(1) GDPR
Decided:
Parties: SIA SS
Valsts ieņēmumu dienests
Case Number/Name: C-175/20 Valsts ieņēmumu dienests
European Case Law Identifier:
Reference from: Administratīvā apgabaltiesa (Latvia)
Language: 24 EU Languages
Original Source: Judgement
Initial Contributor: FA

See holding for questions referred.

English Summary[edit | edit source]

Facts[edit | edit source]

Facts pending CJEU decision.

Holding[edit | edit source]

Questions referred:

1. Must the requirements laid down in the General Data Protection Regulation be interpreted as meaning that a request for information issued by a tax authority, such as the request at issue in this case, which seeks the disclosure of information containing a considerable amount of personal data, must comply with the requirements laid down in the General Data Protection Regulation (in particular Article 5(1) thereof)?

2. Must the requirements laid down in the General Data Protection Regulation be interpreted as meaning that the Tax Administration may depart from the provisions of Article 5(1) of that regulation even though the legislation in force in the Republic of Latvia does not empower it to do so?

3. For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested in an undefined amount and for an undefined period of time, in the case where there is no prescribed expiry date for the fulfilment of that request for information?

4. For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested even if the request for information does not (or does not fully) specify the purpose of disclosing that information?

5. For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested even if that request relates in practice to absolutely all data subjects who have published advertisements in the ‘Motor Vehicles’ section of a portal?

6. What criteria must be used to verify that a tax authority, acting as controller, is duly ensuring that the processing of data (including the collection of information) is compliant with the requirements laid down in the General Data Protection Regulation?

7. What criteria must be used to verify that a request for information such as that at issue in this case is duly reasoned and occasional?

8. What criteria must be used to verify that personal data are being processed to the extent necessary and in a manner compatible with the requirements laid down in the General Data Protection Regulation?

9. What criteria must be used to verify that a tax authority, acting as controller, ensures that data are processed in accordance with the requirements laid down in Article 5(1) of the General Data Protection Regulation (accountability)?

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!