Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 62023CN0416

    Case C-416/23, Österreichische Datenschutzbehörde: Request for a preliminary ruling from the Verwaltungsgerichtshof (Austria) lodged on 6 July 2023 — Österreichische Datenschutzbehörde

    OJ C, C/2023/12, 9.10.2023, ELI: http://data.europa.eu/eli/C/2023/12/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

    ELI: http://data.europa.eu/eli/C/2023/12/oj

    European flag

    Official Journal
    of the European Union

    EN

    Series C


    C/2023/12

    9.10.2023

    Request for a preliminary ruling from the Verwaltungsgerichtshof (Austria) lodged on 6 July 2023 — Österreichische Datenschutzbehörde

    (Case C-416/23, Österreichische Datenschutzbehörde)

    (C/2023/12)

    Language of the case: German

    Referring court

    Verwaltungsgerichtshof

    Parties to the main proceedings

    Appellant: Österreichische Datenschutzbehörde

    Other party: FR

    Questions referred

    1.

    Must the concept of ‘requests’ or ‘request’ in Article 57(4) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation — GDPR) (1) be interpreted as meaning that it also covers ‘complaints’ under Article 77(1) of the GDPR?

    2.

    If Question 1 is answered in the affirmative:

    Must Article 57(4) of the GDPR be interpreted as meaning that, for requests to be ‘excessive’, it is sufficient that a data subject has merely addressed a certain number of requests (complaints under Article 77(1) of the GDPR) to a supervisory authority within a certain period of time, irrespective of whether the facts are different and/or whether the requests (complaints) concern different controllers, or is an abusive intention on the part of the data subject required in addition to the frequent repetition of requests (complaints)?

    3.

    Must Article 57(4) of the GDPR be interpreted as meaning that, in the case of a ‘manifestly unfounded’ or ‘excessive’ request (complaint), the supervisory authority is free to choose whether to charge a reasonable fee based on the administrative costs of processing it or refuse to process it from the outset? If not, which circumstances and criteria must the supervisory authority take into account? In particular, is the supervisory authority obliged to charge a reasonable fee primarily, as a less severe measure, and entitled to refuse to process manifestly unfounded or excessive requests (complaints) only in the event that charging a fee to prevent such requests is futile?


    (1)   OJ 2016 L 119, p. 1.


    ELI: http://data.europa.eu/eli/C/2023/12/oj

    ISSN 1977-091X (electronic edition)


    Top