CJEU - C-645/19 - Facebook v. Belgian DPA

From GDPRhub

CJEU - C-645/19 - Facebook v. Belgian DPA

Cjeulogo.png
Court: CJEU
Jurisdiction: European Union
Relevant Law: Article 55(1) GDPR

Article 56 GDPR

Article 57 GDPR

Article 58 GDPR

Article 60 GDPR

Article 61 GDPR

Article 62 GDPR

Article 63 GDPR

Article 64 GDPR

Article 65 GDPR

Article 66 GDPR

Article 67 GDPR

Article 68 GDPR

Decided: n/a
Published: n/a
Parties: Facebook

Belgian DPA

Case Number: C-645/19
European Case Law Identifier: n/a
Referring Court: Court of Appeal of Belgium (Hof van beroep/ Cour d'appel)
Language: 24 EU Languages
Original Source: InfoCuria Case-law (in EN)

The Court of Appeal of Belgium made a reference for a preliminary ruling to the CJEU in a case between Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA and the Belgian DPA concerning the interpretation of the GDPR provisions on the competence, tasks and powers of the supervisory authorities as well as the cooperation and consistency mechanism for the supervisory authorities (Articles 55(1), 56 to 58 and 60 to 66 GDPR). The main question was about whether a supervisory authority should have the power to commence legal proceedings before a court in its Member State against infringements of the GDPR in connection with cross-border processing if it is not the lead supervisory authority for that cross-border processing.

English Summary[edit | edit source]

Questions referred[edit | edit source]

"Should Articles (55)(1), 56 to 58 and 60 to 66 of Regulation (EU) 2016/679 1 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, read in conjunction with Articles 7, 8 and 47 of the Charter of Fundamental Rights of the European Union, be interpreted as meaning that a supervisory authority which, pursuant to national law adopted in implementation of Article 58(5) GDPR of that regulation, has the power to commence legal proceedings before a court in its Member State against infringements of that regulation cannot exercise that power in connection with cross-border processing if it is not the lead supervisory authority for that cross-border processing?

Does it make a difference if the controller of that cross-border processing does not have its main establishment in that Member State but does have another establishment there?

Does it make a difference whether the national supervisory authority commences the legal proceedings against the controller’s main establishment or against the establishment in its own Member State?

Does it make a difference if the national supervisory authority had already commenced the legal proceedings before the date on which the regulation entered into force (25 May 2018)?

If the first question is answered in the affirmative, does Article 58(5) GDPR have direct effect, such that a national supervisory authority can rely on the aforementioned article to commence or continue legal proceedings against private parties even if Article 58(5) GDPR has not been specifically transposed into the legislation of the Member States, notwithstanding the requirement to do so?

If the previous questions are answered in the affirmative, could the outcome of such proceedings prevent the lead supervisory authority from reaching a conclusion to the contrary, in the event that the lead supervisory authority investigates the same or similar cross-border processing activities in accordance with the mechanism laid down in Article 56 GDPR and Article 60 GDPR ?"[1]

Comment[edit | edit source]

Share your comment here!

Further Resources[edit | edit source]

Share blogs or news articles here!