Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 62023TN0183

    Case T-183/23: Action brought on 7 April 2023 — Ballmann v EDPB

    OJ C 223, 26.6.2023, p. 31–32 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

    26.6.2023   

    EN

    Official Journal of the European Union

    C 223/31

    Action brought on 7 April 2023 — Ballmann v EDPB

    (Case T-183/23)

    (2023/C 223/43)

    Language of the case: English

    Parties

    Applicant: Lisa Ballmann (Innsbruck, Austria) (represented by: F. Mikolasch, lawyer)

    Defendant: European Data Protection Board

    Form of order sought

    The applicant claims that the Court should:

    annul the decision of the European Data Protection Board (‘the EDPB’) of 7 February 2023 refusing access by the applicant to the file concerning the Binding Decision 3/2022 of the EDPB on the dispute submitted by the Irish Supervisory Authority on Meta Platforms Ireland Limited and its Facebook service (Article 65 General Data Protection Regulation (‘the GDPR’) (1)), pursuant to Article 41(2)(b) of the Charter of Fundamental Rights of the EU; and

    order the EDPB to bear the costs of the proceedings.

    Pleas in law and main arguments

    In support of the action, the applicant relies on a single plea in law, alleging that the EDPB violated Article 41(2)(b) of the Charter of Fundamental Rights of the EU (‘the Charter’)

    The EDPB violated Article 41(2)(b) of the Charter when it rejected the applicant’s request to access the file concerning the EDPB’s Binding Decision 3/2022 on the grounds that the complainants (the applicant and her representative under Article 80(1) GDPR non-profit NOYB-European Center for Digital Rights) are not entitled to a right of access to the file because they were not likely to be adversely affected by the Binding Decision 3/2022;

    Other than under Article 41(2)(a) of the Charter, ‘adverse affect’ is not an element of Article 41(2)(b) of the Charter and therefore does not need to be fulfilled;

    The applicant seeks access to ‘her file’ under Article 41(2)(b) of the Charter. The case directly deals with her personal complaint under Article 77 GDPR against Meta on her personal data. Binding Decision 3/2022 refers to the ‘complaint’ and the ‘complainant’ more than 160 times. The EDPB itself holds in the Binding Decision 3/2022 that the Draft Decision at issue relates to a ‘complaint-based inquiry’, whereas the complaint was lodged by the applicant. The Binding Decision 3/2022 refers to both the applicant and the non-profit NOYB — European Center for Digital Rights, who represented her under Article 80(1) GDPR, as the ‘complainant’;

    The Article 41(2)(b) Charter right to access the file is a stand-alone right. Article 41 of the Charter clearly differentiates the right to access the file from the right to be heard. The scope and the objective of these rights are different. The latter is mostly a defensive right. The right to access the file, on the other hand, is also an aspect of equality of arms and the right to an effective remedy. The Court of Justice itself addresses the entitlement to each of the two rights separately and does not condition the right to access the file on the right to be heard;

    Even if ‘adverse affect’ would be an element of Article 41(2)(b) of the Charter (which it is not) this condition would be met, given that:

    only one claim out of nine claims of 9 September 2019 by the complainant was partially decided (the claim was limited from any form of ‘advertisement’ to only ‘behavioural advertisement’) by the EDPB’s Binding Decision 3/2022 and the rest of the claims from the complaint have not been addressed by the EDPB;

    there is a now a live dispute between the Austrian and Irish supervisory authorities on whether the matters are still pending before them, the EDPB or if these claims were at some level of the process rejected, and there is live litigation between the complainant and the supervisory authorities on this matter before the Irish and Austrian courts; and

    the complainant cannot understand the procedure that led to the EDPB only partially deciding on one claim without having access to the files, while the Austrian and Irish supervisory authorities rely on the EDPB decision.

    (1)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ 2016 L 119, p. 1).

    Top