CJEU - C-175/20 - Valsts ieņēmumu dienests: Difference between revisions
No edit summary |
(→Facts) |
||
| Line 29: | Line 29: | ||
|Reference_Case_Number_Name= | |Reference_Case_Number_Name= | ||
|Initial_Contributor= | |Initial_Contributor= | ||
| | | | ||
}} | }} | ||
| Line 43: | Line 43: | ||
The applicant was asked to send the information electronically, in a format that would allow the data to be filtered and selected. The applicant was also asked to include the following information in the data file: a link to the advertisement, advertisement text, make of vehicle, model, chassis number, price, vendor’s telephone numbers. | The applicant was asked to send the information electronically, in a format that would allow the data to be filtered and selected. The applicant was also asked to include the following information in the data file: a link to the advertisement, advertisement text, make of vehicle, model, chassis number, price, vendor’s telephone numbers. | ||
The applicant lodged an administrative complaint challenging the request for information of the defendant. According to the applicant, the scope of the request for information, which constitutes personal data within the meaning of Article 4(1) of the GDPR, was not justified by the law. The applicant argued in particular that the defendant, in its capacity as controller, did not comply with the principle of proportionality or the principle of minimisation enshrined in [[Article 5 GDPR|Article 5(1) GDPR]]. | |||
The defendant dismissed the applicant's complaint and upheld the request for information. The dispute escalated before the national courts. In this context, the referring court referred several questions to the CJEU. On 2 September 2021, [[CJEU - Opinion of AG Bobek in Case C‑175/20 - SIA ‘SS’|AG Bobek rendered his opinion in this case]] ''(please note the facts on this page are copied from this summary).'' A final judgment has not been issued yet. | |||
=== Holding === | === Holding === | ||
| Line 66: | Line 70: | ||
== Comment == | == Comment == | ||
'' | ''Share your comments here!'' | ||
== Further Resources == | == Further Resources == | ||
''Share blogs or news articles here!'' | ''Share blogs or news articles here!'' | ||
Revision as of 16:15, 22 February 2022
| CJEU - C-175/20 Valsts ieņēmumu dienests | |
|---|---|
 | |
| Court: | CJEU |
| Jurisdiction: | European Union |
| Relevant Law: | Article 5(1) GDPR |
| Decided: | |
| Parties: | SIA SS Valsts ieņēmumu dienests |
| Case Number/Name: | C-175/20 Valsts ieņēmumu dienests |
| European Case Law Identifier: | |
| Reference from: | Administratīvā apgabaltiesa (Latvia) |
| Language: | 24 EU Languages |
| Original Source: | Judgement |
| Initial Contributor: | n/a |
See holding for questions referred.
English Summary
Facts
SIA ‘SS’ (‘the applicant’) is a company specialized in online advertising services. Private individuals may post and advertise various products on the applicant's website (www.ss.com) with a view of selling them. These products may include vehicles such as second-hand cars or motorbikes.
On 28 August 2018, the director of the Latvian Tax Inspection Office (‘the defendant’) sent to the applicant request for information on the basis of Article 15(6) of the Law on taxes and duties. In that request, the defendant asked the applicant to renew the defendant's access to information, and in particular information on (1) the telephone numbers of advertisers ; (2) the chassis numbers of vehicles featured in advertisements published on the applicant’s website, and (3) information on advertisements published in the ‘Motor Vehicles’ section of the website during the period from 14 July to 31 August 2018.
The applicant was asked to send the information electronically, in a format that would allow the data to be filtered and selected. The applicant was also asked to include the following information in the data file: a link to the advertisement, advertisement text, make of vehicle, model, chassis number, price, vendor’s telephone numbers.
The applicant lodged an administrative complaint challenging the request for information of the defendant. According to the applicant, the scope of the request for information, which constitutes personal data within the meaning of Article 4(1) of the GDPR, was not justified by the law. The applicant argued in particular that the defendant, in its capacity as controller, did not comply with the principle of proportionality or the principle of minimisation enshrined in Article 5(1) GDPR.
The defendant dismissed the applicant's complaint and upheld the request for information. The dispute escalated before the national courts. In this context, the referring court referred several questions to the CJEU. On 2 September 2021, AG Bobek rendered his opinion in this case (please note the facts on this page are copied from this summary). A final judgment has not been issued yet.
Holding
Questions referred:
1. Must the requirements laid down in the General Data Protection Regulation be interpreted as meaning that a request for information issued by a tax authority, such as the request at issue in this case, which seeks the disclosure of information containing a considerable amount of personal data, must comply with the requirements laid down in the General Data Protection Regulation (in particular Article 5(1) thereof)?
2. Must the requirements laid down in the General Data Protection Regulation be interpreted as meaning that the Tax Administration may depart from the provisions of Article 5(1) of that regulation even though the legislation in force in the Republic of Latvia does not empower it to do so?
3. For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested in an undefined amount and for an undefined period of time, in the case where there is no prescribed expiry date for the fulfilment of that request for information?
4. For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested even if the request for information does not (or does not fully) specify the purpose of disclosing that information?
5. For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested even if that request relates in practice to absolutely all data subjects who have published advertisements in the ‘Motor Vehicles’ section of a portal?
6. What criteria must be used to verify that a tax authority, acting as controller, is duly ensuring that the processing of data (including the collection of information) is compliant with the requirements laid down in the General Data Protection Regulation?
7. What criteria must be used to verify that a request for information such as that at issue in this case is duly reasoned and occasional?
8. What criteria must be used to verify that personal data are being processed to the extent necessary and in a manner compatible with the requirements laid down in the General Data Protection Regulation?
9. What criteria must be used to verify that a tax authority, acting as controller, ensures that data are processed in accordance with the requirements laid down in Article 5(1) of the General Data Protection Regulation (accountability)?
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
