Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 62010CJ0614

    Summary of the Judgment

    Case C-614/10

    European Commission

    v

    Republic of Austria

    ‛Failure of a Member State to fulfil obligations — Directive 95/46/EC — Processing of personal data and free movement of such data — Protection of natural persons — Article 28(1) — National supervisory authority — Independence — Supervisory authority and the Federal Chancellery — Personal and organisational links’

    Summary – Judgment of the Court (Grand Chamber), 16 October 2012

    1. Approximation of laws — Protection of natural persons with regard to the processing of personal data — Directive 95/46 — National supervisory authorities — Requirement of independence — Scope — National legislation providing for personal and organisation links between the authority and the State — Not permissible — Failure to fulfil obligations

      (European Parliament and Council Directive 95/46, Art. 28(1) second para.)

    2. Approximation of laws — Protection of natural persons with regard to the processing of personal data — Directive 95/46 — National supervisory authorities — Requirement of independence — Scope — Requirement of a separate budget — Lack

      (European Parliament and Council Regulation No 45/2001, Art. 43(3); European Parliament and Council Directive 95/46, Art. 28(1) second para.)

    1.  The words ‘with complete independence’ in the second subparagraph of Article 28(1) of Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data must be interpreted as meaning that the supervisory authorities for the protection of personal data must enjoy an independence which allows them to perform their duties free from external influence. In that regard, the fact that such an authority has functional independence in so far as its members are independent and are not bound by instructions of any kind in the performance of their duties is not by itself sufficient to protect that supervisory authority from all external influence. The independence required under the second subparagraph of Article 28(1) of Directive 95/46 is intended to preclude not only direct influence, in the form of instructions, but also any indirect influence which is liable to have an effect on the supervisory authority’s decisions. Moreover, in the light of the role assumed by the supervisory authorities as guardians of the right to privacy, the second subparagraph of Article 28(1) requires that their decisions, and therefore the authorities themselves, remain above all suspicion of partiality.

      Consequently, a Member State fails to fulfil its obligations under the second subparagraph of Article 28(1) of Directive 95/46 by failing to take all of the measures necessary to ensure that the national legislation meets the requirement of independence with regard to the supervisory authority, more specifically by laying down a regulatory framework under which

      – its managing member is a federal official subject to supervision,

      – its office is integrated with the departments of the Federal Chancellery, and

      – the Federal Chancellor has an unconditional right to information covering all aspects of the work of the authority.

      (see paras 41-43, 52, 66, operative part)

    2.  In order to be able to satisfy the criterion of independence set out in the second subparagraph of Article 28(1) of Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, a national supervisory authority for the protection of personal data need not be given a separate budget, such as that provided for in Article 43(3) in Regulation No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Member States are not obliged to reproduce in their national legislation provisions similar to those of Chapter V of Regulation No 45/2001 in order to ensure the total independence of their respective supervisory authorities and they can therefore provide that, from the point of view of budgetary law, the supervisory authorities are to come under a specified ministerial department. However, the attribution of the necessary equipment and staff to such authorities must not prevent them from acting ‘with complete independence’ in exercising the functions entrusted to them within the meaning of the second subparagraph of Article 28(1) of Directive 95/46.

      (see para. 58)

    Top

    Case C-614/10

    European Commission

    v

    Republic of Austria

    ‛Failure of a Member State to fulfil obligations — Directive 95/46/EC — Processing of personal data and free movement of such data — Protection of natural persons — Article 28(1) — National supervisory authority — Independence — Supervisory authority and the Federal Chancellery — Personal and organisational links’

    Summary – Judgment of the Court (Grand Chamber), 16 October 2012

    1. Approximation of laws — Protection of natural persons with regard to the processing of personal data — Directive 95/46 — National supervisory authorities — Requirement of independence — Scope — National legislation providing for personal and organisation links between the authority and the State — Not permissible — Failure to fulfil obligations

      (European Parliament and Council Directive 95/46, Art. 28(1) second para.)

    2. Approximation of laws — Protection of natural persons with regard to the processing of personal data — Directive 95/46 — National supervisory authorities — Requirement of independence — Scope — Requirement of a separate budget — Lack

      (European Parliament and Council Regulation No 45/2001, Art. 43(3); European Parliament and Council Directive 95/46, Art. 28(1) second para.)

    1.  The words ‘with complete independence’ in the second subparagraph of Article 28(1) of Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data must be interpreted as meaning that the supervisory authorities for the protection of personal data must enjoy an independence which allows them to perform their duties free from external influence. In that regard, the fact that such an authority has functional independence in so far as its members are independent and are not bound by instructions of any kind in the performance of their duties is not by itself sufficient to protect that supervisory authority from all external influence. The independence required under the second subparagraph of Article 28(1) of Directive 95/46 is intended to preclude not only direct influence, in the form of instructions, but also any indirect influence which is liable to have an effect on the supervisory authority’s decisions. Moreover, in the light of the role assumed by the supervisory authorities as guardians of the right to privacy, the second subparagraph of Article 28(1) requires that their decisions, and therefore the authorities themselves, remain above all suspicion of partiality.

      Consequently, a Member State fails to fulfil its obligations under the second subparagraph of Article 28(1) of Directive 95/46 by failing to take all of the measures necessary to ensure that the national legislation meets the requirement of independence with regard to the supervisory authority, more specifically by laying down a regulatory framework under which

      – its managing member is a federal official subject to supervision,

      – its office is integrated with the departments of the Federal Chancellery, and

      – the Federal Chancellor has an unconditional right to information covering all aspects of the work of the authority.

      (see paras 41-43, 52, 66, operative part)

    2.  In order to be able to satisfy the criterion of independence set out in the second subparagraph of Article 28(1) of Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, a national supervisory authority for the protection of personal data need not be given a separate budget, such as that provided for in Article 43(3) in Regulation No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Member States are not obliged to reproduce in their national legislation provisions similar to those of Chapter V of Regulation No 45/2001 in order to ensure the total independence of their respective supervisory authorities and they can therefore provide that, from the point of view of budgetary law, the supervisory authorities are to come under a specified ministerial department. However, the attribution of the necessary equipment and staff to such authorities must not prevent them from acting ‘with complete independence’ in exercising the functions entrusted to them within the meaning of the second subparagraph of Article 28(1) of Directive 95/46.

      (see para. 58)

    Top