VSL - VSL Sodba PRp 345/2019

From GDPRhub
Revision as of 08:39, 1 September 2020 by ML (talk | contribs) (Created page with "{{COURTdecisionBOX |Jurisdiction=Slovenia |Court-BG-Color= |Courtlogo=Courts_logo1.png |Court_Abbrevation=VSL |Court_With_Country=VSL (Slovenia) |Case_Number_Name=VSL Sodba...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
VSL - VSL Sodba PRp 345/2019
Courts logo1.png
Court: VSL (Slovenia)
Jurisdiction: Slovenia
Relevant Law: Article 6(1)(c) GDPR
Article 6(2) GDPR
Article 83(5)(a) GDPR
Article 10 of ZOdv
Article 2, 2/2, 136, 136/1, 136 / 1-1
Article 8 of ZVOP-1
Articles 8, 91, 91/1, 91 / 1-1, 91/2.
Article 10, 10/1
Decided: 18.06.2020
Published:
Parties:
National Case Number/Name: VSL Sodba PRp 345/2019
European Case Law Identifier: ECLI:SI:VSLJ:2020:PRP.345.2019
Appeal from:
Appeal to:
Original Language(s): Slovenian
Original Source: [SOVS=SOVS&database[IESP]=IESP&database[UPRS]=UPRS&database[NEGM]=NEGM&_submit=i%C5%A1%C4%8Di&rowsPerPage=20&page=0&id=2015081111438757 Sodna Praksa (in Slovenian)]
Initial Contributor: n/a

The imposition of administrative fines, as prescribed by the GDPR, has not been transposed into the national legal order of the Republic of Slovenia, as ZP-1 as well as the misdemeanor regulation do not regulate the manner of imposing administrative fines in misdemeanor proceedings. The GDPR prescribes a significantly higher administrative fine than the prescribed fine in ZVOP-1. It depends on the circumstances of the specific case, whether Article 8 of ZVOP-1 can be retained in force.

English Summary[edit | edit source]

Facts[edit | edit source]

The controller is accused of violating the provision of Article 8 of ZVOP-1 because the responsible person obtained personal data of vehicle owners or users in contravention of Article 10 of ZOdv.

Dispute[edit | edit source]

Is Slovenian law still applicable if it is more detailed than the GDPR or does the GDPR prevail anyway.

Holding[edit | edit source]

The Court of Appeal agrees with the Court of First Instance's finding that the direct application of the GDPR does not constitute a violation of Article 6 (1) (c) as a misdemeanor, with the result that the GDPR from the point of view of misdemeanor law, as part of criminal law, is more lenient for the perpetrator and the court is justified in applying the principle of legality from the second paragraph of Article 2 of ZP-1 on the basis of point 1 of the first paragraph of Article 136.

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details.

Higher Court in Ljubljana
Misdemeanor Department

VSL Judgment PRp 345/2019
ECLI: SI: VSLJ: 2020: PRP.345.2019
Registration number: VSL00035084
Date of decision: 18.06.2020
Senate, single judge: Živa Bukovac (president), Boštjan Kovič (report), Anton Panjan
Area: OFFENSES - PROTECTION OF PERSONAL DATA
Institute: existence of a misdemeanor - principle of legality - milder regulation - request for judicial protection - appeal of a misdemeanor authority - processing of personal data - transmission of personal data to a lawyer - duty to provide data
Sail

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, which is to be applied directly, c) the first paragraph of Article 6 replaces Article 8 of ZVOP-1.

The provision of the first paragraph of Article 10 of the ZOdv regulates when the obligation to provide personal data to a lawyer applies and when it is legal for a lawyer to obtain personal data; if the controller and the processor act in accordance with that provision, then such conduct shall be in accordance with the lawfulness of the processing referred to in point (c) of Article 6 (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC; contrary conduct means a violation of this provision, which in the circumstances of a specific case must be applied directly and for the violation of which the Decree in point a) of the fifth paragraph of Article 83 prescribes administrative and not punitive sanctioning.
Theorem

The appeal is dismissed as unfounded and the judgment of the court of first instance is upheld.
Justification

1. By the impugned judgment, the District Court in Ljubljana granted the request for judicial protection of the lawyer of the responsible person of the legal entity and amended the decision on misdemeanor so that the procedure on misdemeanor against the responsible person of the legal entity for 51 misdemeanors under Article 91 (2) personal data (ZVOP-1) in connection with point 1 of the first paragraph of Article 91 of ZVOP-1, as described in point 1 of the decision on misdemeanors, on the basis of point 1 of the first paragraph of Article 136 of the Misdemeanors Act (ZP-1) stopped (point I of the operative part), granted the request for judicial protection of the legal entity's defense counsel and changed the decision on the misdemeanor so that the misdemeanor proceedings against the legal entity, due to 51 misdemeanors under point 1 of the first paragraph of Article 91 ZVOP-1, as are described in point 2 of the decision on a misdemeanor, on the basis of point 1 of the first paragraph of Article 136 of ZP-1 stopped (point II of the operative part). It also decided on the costs of the misdemeanor proceedings, which it imposed on the budget (point III of the operative part).

2. The misdemeanor authority appeals against the judgment for violating the substantive provisions of the law regarding the question whether the act for which the proceedings were initiated is a misdemeanor, which is the ground of appeal under point 2 of Article 154 in connection with point 1 of Article 156 ZP -1. He claims that the High Court should uphold the appeal and set aside or amend the judgment under appeal.

3. The lawyer of the legal and responsible person opposes the appeal and proposes its rejection and confirmation of the judgment of the court of first instance.

4. The appeal is unfounded.

5. The misdemeanor body found the legal and responsible person responsible for the services of 51 misdemeanors under point 1 of the first paragraph of Article 91 of ZVOP-1, which he allegedly committed by being the responsible person of the legal person who was authorized as a legal person. to perform the work of a lawyer, in the period between April 2016 and 18 January 2017, pursuant to Article 10 of the Law on Advocacy (ZOdv) as a representative of A. plc, obtained personal data, ie names, surnames, addresses of residence, EMŠO and weight of motor vehicles , on 51 owners of motor vehicles registered in the Republic of Slovenia, and forwarded the data thus obtained to A. plc to send reminders for the payment of receivables to these owners or users of motor vehicles, thus obtaining personal data of owners or users of vehicles contrary to Article 10 of the ZOdv, as he did not acquire them for the purpose of practicing law in individual cases, but acquired them only for the purpose of forwarding them to A. plc, as to him and the legal person by an individual other creditor or company A. plc, apart from obtaining personal data, was not ordered to perform any act of the legal profession in an individual case for which he would need the obtained personal data.

6. The Court of First Instance considered that the conclusion of the proceedings on 25 May 2018 that Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter the General Regulation), which replaced Article 8 of the first paragraph of Article 6 of ZVOP-1 by the provision of point c) of the first paragraph of Article 6. several misdemeanors under point 1 of the first paragraph of Article 91 of ZVOP-1, as the General Decree for violation of point c) of the first paragraph of Article 6 provides for the imposition of an administrative fine and does not define such an act as a misdemeanor. 2 of ZP-1 used the General Regulation as a regulation that is more lenient for the perpetrator because it excludes a misdemeanor.

7. The Information Commissioner does not agree with the court's assessment and considers that the General Regulation did not replace the provision of Article 8 of ZVOP-1, which is still applicable and whose violation constitutes an offense under point 1 of the first paragraph of Article 91 of ZVOP-1. stipulates that a fine of EUR 4,170 to 12,510 shall be imposed on a legal person, sole proprietor or self-employed person if he processes personal data without having a basis in law or with the personal consent of the individual. In the complaint, the Information Commissioner refers to the non-binding opinion of the Ministry of Justice in the First System Explanatory Notes at the beginning of the development of the application of the new European legislation on personal data protection (General Data Protection Regulation - GDPR and related Directive) of 28 May 2018. assessment that most of the provisions of ZVOP-1 on the processing of personal data cease to apply, except for the provisions of articles which are not regulated by the General Data Protection Regulation or which the Republic of Slovenia may still regulate otherwise, among which the Ministry also includes Article 8 of ZVOP-1. 1, which stipulates in the first paragraph that personal data may be processed only if the processing of personal data and personal data being processed is stipulated by law or if the personal consent of the individual is given for the processing of certain personal data, and the second paragraph stipulates that the purpose of the processing of personal data must be determined by law, and in the case of processing on the basis of the personal consent of the individual, the the subject is informed in advance in writing or in another appropriate manner of the purpose of the processing of personal data.



3989/5000
Zeichenbeschränkung: 5000
8. A general regulation is a legally binding act and must be fully applied in all EU countries. National authorities must ensure its proper use. Article 6 of the General Regulation regulates the lawfulness of processing and stipulates in point c) of the first paragraph that processing is lawful only insofar as the condition that the processing is necessary to fulfill the legal obligation applicable to the controller is met. The general regulation in Article 6 (2) does provide that Member States may maintain or introduce more detailed provisions in order to adapt the application of the rules of this regulation concerning the processing of personal data to ensure compliance (inter alia) with point (c) of the first paragraph. to further specify the specific processing requirements and other measures to ensure lawful and fair processing. However, this does not mean that a Member State may otherwise regulate the lawfulness of the processing referred to in Article 6 (1) (c) of the General Regulation indefinitely, as it requires that it maintain or introduce more detailed provisions to adapt the application of the rules of this Regulation. In view of the above, it is not possible to follow the position that Article 8 of ZVOP-1 has been retained in force in each case, but this depends on the circumstances of the specific case. In the specific case, the legal and responsible person is accused of violating the provision of Article 8 of ZVOP-1 because the responsible person obtained personal data of vehicle owners or users in contravention of Article 10 of ZOdv. In the first paragraph, it determines when the controller is considered to be required to fulfill a legal obligation, as it stipulates that state bodies, bodies of self-governing local communities and holders of public authority are obliged to give free of charge to a lawyer without the consent of the data subject. the information he needs in the practice of the legal profession in an individual case. That provision therefore regulates when the obligation to provide personal data to a lawyer applies and when it is lawful for a lawyer to obtain personal data and if the controller and processor act in accordance with that provision, then such conduct is in accordance with the lawfulness of processing in point c) of the first paragraph 6. Article 2 of the General Regulation, and acting contrary means a violation of this provision, which in the circumstances of a specific case must be applied directly and for the violation of which the General Regulation in point a) of the fifth paragraph of Article 83 prescribes administrative and not punitive sanctions. The imposition of administrative fines, as prescribed by the General Regulation, has not been transposed into the national legal order of the Republic of Slovenia, as ZP-1 as well as the misdemeanor regulation do not regulate the manner of imposing administrative fines in misdemeanor proceedings, which is unfounded. that it should take into account the fact that the General Regulation prescribes a significantly higher administrative fine than the prescribed fine in ZVOP-1 and that for this reason the court of first instance incorrectly applied the provision of the second paragraph of Article 2 of ZP-1.

9. For the foregoing reasons, the Court of Appeal agrees with the Court of First Instance's finding that the General Regulation, to be applied directly, does not constitute a violation of Article 6 § 1 (c) as a misdemeanor, with the result that the General Regulation from the point of view of misdemeanor law, which is part of criminal law, is more lenient for the perpetrator and the court is justified in applying the principle of legality from the second paragraph of Article 2 of ZP-1 on the basis of point 1 of the first paragraph of Article 136. Therefore, on the basis of the third paragraph of Article 163 of ZP-1, the High Court rejected the appeal as unfounded and upheld the judgment of the court of first instance.


Relationship:

ZVOP-1 Articles 8, 91, 91/1, 91 / 1-1, 91/2. ZP-1 Article 2, 2/2, 136, 136/1, 136 / 1-1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC Art. 6, 6/1, 6/1-c , 6/2. ZOdv Article 10, 10/1

Date of last change:
    07/30/2020