VSRS Sklep I Upr 1/2020: Difference between revisions

From GDPRhub
No edit summary
No edit summary
Line 1: Line 1:
{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;"
{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;"
! colspan="2" | VSRS Sklep I Upr 1/2020
! colspan="2" |VSRS Sklep I Upr 1/2020
|-
|-
|Court:||[[:Category:VSRS (Slovenia)|VSRS (Slovenia)]] [[Category:VSRS (Slovenia)]]
|Court:||[[:Category:VSRS (Slovenia)|VSRS (Slovenia)]]
[[Category:VSRS (Slovenia)]]
|-
|-
|Jurisdiction:||[[Data Protection in Slovenia|Slovenia]] [[Category:Slovenia]]
|Jurisdiction:||[[Data Protection in Slovenia|Slovenia]]
[[Category:Slovenia]]
|-
|-
|Relevant Law:||Data Protection Act (ZVOP-1)
|Relevant Law:||Data Protection Act (ZVOP-1)
Line 15: Line 17:
|Parties:||anonymous
|Parties:||anonymous
|-
|-
|National Case Number:||VSRS Sklep I Upr 1/2020 (VS00032203)  
|National Case Number:||VSRS Sklep I Upr 1/2020 (VS00032203)
|-
|-
|European Case Law Identifier:||<small>ECLI:SI:VSRS:2020:I.UPR.1.2020</small>
|European Case Law Identifier:||<small>ECLI:SI:VSRS:2020:I.UPR.1.2020</small>
Line 24: Line 26:
[[Category:Slovenian]]
[[Category:Slovenian]]
|-
|-
|Original Source:|| [http://www.sodnapraksa.si/search.php?q=ZVOP&database%5bSOVS%5d=SOVS&database%5bIESP%5d=IESP&database%5bUPRS%5d=UPRS&database%5bNEGM%5d=NEGM&_submit=i%C5%A1%C4%8Di&order=date&direction=asc&rowsPerPage=20&page=16&id=2015081111436184Sodna Praksa (in SI)]
|Original Source:||[http://www.sodnapraksa.si/search.php?q=ZVOP&database%5bSOVS%5d=SOVS&database%5bIESP%5d=IESP&database%5bUPRS%5d=UPRS&database%5bNEGM%5d=NEGM&_submit=i%C5%A1%C4%8Di&order=date&direction=asc&rowsPerPage=20&page=16&id=2015081111436184Sodna Praksa (in SI)]
|}
|}


The Supreme Court of Slovenia while ruling on a jurisdictional dispute found that the Data Protection Act (ZVOP-1) is not applicable when a request for information is submitted by a company.   
The Supreme Court of Slovenia while ruling on a jurisdictional dispute found that the Data Protection Act (ZVOP-1) is not applicable when an acces request is submitted by a company.   


==English Summary==
==English Summary==

Revision as of 14:11, 20 May 2020

VSRS Sklep I Upr 1/2020
Court: VSRS (Slovenia)
Jurisdiction: Slovenia
Relevant Law: Data Protection Act (ZVOP-1)
Decided: 26.2.2020
Published: n/a
Parties: anonymous
National Case Number: VSRS Sklep I Upr 1/2020 (VS00032203)
European Case Law Identifier: ECLI:SI:VSRS:2020:I.UPR.1.2020
Appeal from: Uknown
Language: Slovenian
Original Source: Praksa (in SI)

The Supreme Court of Slovenia while ruling on a jurisdictional dispute found that the Data Protection Act (ZVOP-1) is not applicable when an acces request is submitted by a company.

English Summary

Facts

The applicant brought an action against the defendant in the Ljubljana District Court, requesting that the defendant, a Bank, provide him with all identifying information about the recipients of transfers made against a particular transaction account held by the claimant's debtor. The District Court ruled that it had no material jurisdiction and remitted the case to the Administrative Court by referring to the Data Protection Act (ZVOP-1) and stating that the applicant acts as data subject and the defendant (bank) as a data controller. The claimant modified its claim. The Administrative Court dismissed the action.

Dispute

The dispute regarded the competence of the Administrative and District Court. The question was whether it is a private-law dispute between two civil persons, or a dispute which the administrative court is competent to decide as a specialized court.

Holding

The Supreme Court found that the District Court of Ljubljana is competent to decide the case. As to what is important to us ZVOP is not applicable because both the plaintiff and the defendant are companies.

Comment

Share your comment here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the original. Please refer to the Slovenian original for more details.

Record number: VS00032203
Decision date: 02/26/2020
Senate: Peter Golob (Pres.), M.Sc. Tatjana Steinman (Report), Vladimir Balazic
Subject matter: PUBLIC LAW - CIVIL PROCEDURAL LAW - ADMINISTRATIVE DISPUTE - PROTECTION OF PERSONAL DATA
Institute: Provision of personal information to the creditor - Bank as the person liable to provide information - Jurisdiction dispute - Jurisdiction dispute between the District Court and the Administrative Court - Not an administrative dispute - Economic dispute
Sail

The defendant, as a bank, does not issue administrative acts, so it does not decide on the provision of the required information by an administrative act.

In the present case, this is not a dispute under Articles 2 and 4 of ZUS-1, for which the Administrative Court of the Republic of Slovenia would have jurisdiction as a specialized court for administrative disputes.

The jurisdiction of the Administrative Court is not determined by Article 34 of ZVOP-1 for enforcing the obligation to provide data, although such an obligation is also stipulated by this Act. Article 34 provides for judicial protection in an administrative dispute only to an individual who finds that his / her rights established by this Act have been violated.

Since ZVOP-1 does not define the jurisdiction of the Administrative Court as a specialized court for deciding on a claim, only a court of general jurisdiction can be competent under Article 1 of the ZPP.
Theorem

The District Court of Ljubljana is competent to decide the case.
Justification

The process so far

1. The applicant brought an action against the defendant in the Ljubljana District Court, requesting that the defendant provide him with all identifying information about the recipients of transfers made against a particular transaction account held by the claimant's debtor. (hereinafter referred to as the debtor). She stated that she had a final and enforceable enforcement order, on the basis of which the debtor would have to pay her the amount stated therein, and before the final decision on the execution, the debtor transferred money from her account to an unknown third party's account and died shortly thereafter.
2. By a decision of 27 February 2017, the District Court ruled that it had no material jurisdiction and remitted the case to the Administrative Court. In doing so, it referred to the provisions of the Personal Data Protection Act (hereinafter ZVOP-1) and stated that the applicant was acting as a data user and the defendant as a data controller. The applicant's appeal against this decision was dismissed by the High Court and the case was referred to the Administrative Court. Consequently, the plaintiff modified the application or claim, requesting that the Administrative Court rule that the defendant is obliged to provide the plaintiff with all identifying information about the recipients of the remittances available to him or her for the transactions specified therein, or in the alternative, order the Administrative Court to dismiss the letters (indicated therein) dated 26 April 2014, 8 July 2015, 29 July 2015, 2 September 2015 and 26 November 2015 and remit the case to the defendant for retrial .

3. By judgment of I U 1854/2017 of 22.11.2017, the Administrative Court upheld the applicant's action by stating that letter no. 4487 / B.Podjed-3/83 of 26 November 2015, dismissed and remanded the case to the defendant for reconsideration.

4. The defendant lodged an appeal against the judgment of the court of first instance (which the Supreme Court allowed by order X DoR 6/2018 of 18.4.2018) and the Supreme Court by decision X Ips 24/2018 of 13. 11. On 2019, the Court granted the review and the judgment of the Administrative Court IU 1854 / 2017-42 of 22 January 2017 (which was based on the erroneous assessment that the administrative act was challenged in the present case) set aside and remitted the case to the court of first instance for a new trial. In the explanation of this order, the Supreme Court explained that banks are not obliged to make decisions in the administrative procedure, ie to issue decisions with all the components in accordance with the General Administrative Procedure Act (hereinafter ZUP), since Article 97 of the Banking Act (hereinafter referred to as ZBan- 2) it does not provide a basis for concluding that by obtaining a license to provide these services, the bank acquires the status of a public service provider, and ZVOP-1 does not provide a legal basis for deciding on requests or requests for personal data transmission to private entities (data controllers). with administrative decisions based on ZUP.

5. In a repeated proceeding, the Administrative Court of the Republic of Slovenia initiated a dispute over jurisdiction. Referring to the reasons given in the decision of Supreme Court X Ips 24/2018, it considers that it does not have jurisdiction to decide the action and that the decisions of the Ljubljana District Court and the Ljubljana Higher Court are incorrect.
Decision on jurisdiction dispute

6. The District Court of Ljubljana is competent to decide the matter in this case.

7. By an action brought by the applicant before the Ljubljana District Court, to the court of general jurisdiction, requires the defendant to fulfill its duty to provide the data referred to in point 19 of the first paragraph of Article 4 of the Law on Enforcement and Insurance (hereinafter referred to as ZIZ) 1 in relation to the first paragraph of Article 16a of ZIZ.2. immediately, within eight days at the latest, provide the required persons with the required information (Article 4, paragraph 8 of the IPA) It is therefore a statutory obligation of the bank as a legal entity to provide information for enforcement purposes. In doing so, the bank, as the controller of the databases or databases, is obliged to provide the data, at its request, to a creditor who has a legal interest.

8. The plaintiff seeks the fulfillment of the obligation by his action, for which he claims that the provisions of Article 4 of the ZIZ establish it for the defendant. In doing so, the applicant submits, in fact, that the parties to the dispute are in essence the fulfillment of the defendant's obligations arising from another civil law relationship which is alleged to have arisen between the parties pursuant to Article 4 of the IPA. Both plaintiffs and defendants are companies.

9. Neither ZIZ nor ZBan-2 explicitly specify how the judicial protection of the right referred to in the sixth paragraph of Article 4 of the ZIZ shall be exercised if the creditor requests information from the bank, which fails to fulfill this obligation to provide the data.3

10. Pursuant to the first paragraph of Article 1 of the Code of Civil Procedure (hereinafter ZPP), a court of general jurisdiction shall hear and adjudicate in disputes arising from the property and other civil relations of natural and legal persons, unless any of these disputes is within the jurisdiction of a special law. a specialized court or other authority. In the present case, therefore, it is a question of whether it is a private-law dispute between two civil persons, or a dispute which is competent for the administrative court to decide as a specialized court.
11. The Administrative Court, as a specialized court, has jurisdiction to rule on disputes for which this is provided by law. Thus, Article 1 of the Administrative Disputes Act (hereinafter ZUS-1) stipulates that judicial disputes guarantee the rights and legal benefits of individuals and organizations against decisions and actions of state bodies, local authorities and holders of public authority, if no other judicial protection is provided by law for a particular case. The administrative court is therefore competent to adjudicate disputes against public-law acts (or acts) of governing bodies, or persons who, by public authority, perform a public service.

12. The defendant, however, is a bank that is a commercial company and not an authority of a state or local community. As already explained by the Supreme Court in Decision X Ips 24/2018, the defendant does not issue administrative acts as a bank, and therefore does not decide on the provision of the required information by an administrative act. Namely, by obtaining a license to provide banking and financial services, the Bank did not acquire the status of a public service provider either under the provisions of the Banking Act (ZBan-2) or under the provisions of the ZVOP-1, nor was it granted public authority to issue administrative decisions to decide on rights or obligations of natural or legal persons. Therefore, the reference made by the Ljubljana Higher Court to the judgment of the Administrative Court I U 284/2010 is unfounded, since the Administrative Court judged the legality of the administrative act, which it has jurisdiction under the provisions of ZUS-1.

13. The basis for the jurisdiction of the Administrative Court is not even Article 4 of ZUS-1, which otherwise provides for an administrative dispute over interference with human rights and fundamental freedoms, unless other judicial protection is guaranteed. Judicial protection under this provision also applies to acts and actions of the authorities, and the defendant, as explained earlier, is not. Therefore, in the present case, this is not a dispute under Articles 2 and 4 of ZUS-1, for which the Administrative Court of the Republic of Slovenia would have jurisdiction as a specialized court for administrative disputes.
14. The jurisdiction of the Administrative Court to adjudicate the present dispute is not determined even by Article 34 of the PDPA-1. The Ljubljana District Court and the Ljubljana Higher Court, however, based their decision on the lack of jurisdiction of the civil court on the view that the jurisdiction of the Administrative Court is based on the judicial protection provided by the said provision, since the provision of personal data is regulated by ZVOP-1 in Article 22, which that it also includes the rights referred to in the sixth paragraph of Article 4 of the IPA. In the opinion of the Supreme Court, such reasoning is incorrect, since the jurisdiction of the Administrative Court is not determined by Article 34 of ZVOP-1 to enforce the obligation to provide information, although such an obligation is also stipulated by this Act. Article 34 provides for judicial protection in an administrative dispute only to an individual who finds that his / her rights determined by this law have been violated.4 The claim alleging that the defendant does not wish to provide the plaintiff with the information referred to in point 19 of the first paragraph of Article 4 of the IPA, however, it does not constitute an infringement of the rights of an individual within the meaning of Article 34 of the PDPA-1, even if this obligation arises from Article 22 of the PDCA-1. Namely, according to point 2 of Article 6 of ZVOP-1, an individual is defined as an identified or identifiable natural person to whom personal data refers. In the present case, however, the plaintiff is not the kind of individual who would assert a violation of the rights that ZVOP-1 grants to these individuals. The fact that the Administrative Court is expected to rule in a similar case 5 as a competent court does not in itself have the potential to affect a different position of the Supreme Court.

15. Since ZVOP-1 also does not determine the jurisdiction of the Administrative Court as a specialized court for adjudicating on a claim, as claimed by the plaintiff, therefore, only a court of general jurisdiction can have jurisdiction under Article 1 of the ZPP. As the plaintiff and defendant in the present case are companies, in accordance with the provisions of point 1 of the first paragraph of Article 481 of the CPA, in relation to the point 7 of the second paragraph of Article 32 of the CPA, and in accordance with Article 48 of the CPA, the District Court of Ljubljana has jurisdiction.

16. In view of the above, the Supreme Court has ruled on the basis of the third paragraph of Article 12 of ZUS-1, as stated in the operative part.