Case law Commission vs Germany

The case between the European Commission and Germany regarding GDPR transposition involved a failure by Germany to fulfill obligations under Directive 95/46/EC. The European Court of Justice found that Germany had incorrectly transposed the requirement for authorities to perform their functions with complete independence. The case highlighted the importance of the independence of national supervisory authorities to ensure effective and reliable data protection supervision. The Court emphasized that supervisory authorities must act objectively and impartially, free from external influences, including those of the State or other entities they oversee. This independence is crucial for consistent data protection across Member States and the functioning of the internal market

what is article 28(1) of directive 95/46/EC

Article 28(1) of Directive 95/46/EC mandates that each Member State must ensure that one or more public authorities are responsible for monitoring the application of the provisions adopted by the Member States pursuant to the Directive. These supervisory authorities must act with complete independence in carrying out their functions. Additionally, the supervisory authorities should be consulted when developing administrative measures or regulations related to the protection of individuals' rights and freedoms concerning the processing of personal data. They are required to possess investigative powers, effective powers of intervention, and other necessary tools to perform their supervisory duties effectively

Summary of the Case:

The case of European Commission vs. Federal Republic of Germany revolved around the independence of the Supervisory Authority responsible for overseeing compliance with the Data Protection Directive. Germany was found to have failed to fulfill its obligations under Article 28(1) of Directive 95/46/EC by not ensuring the complete independence of the supervisory authorities responsible for data protection.

Outcome:

The European Court of Justice (ECJ) ruled that Germany had not correctly transposed the requirement of "complete independence" of the supervisory authorities, as mandated by Article 28(1) of Directive 95/46/EC. The ECJ found that Germany's system subjected supervisory authorities to state scrutiny, risking political influence and lacking the necessary independence.

Facts:

Germany's laws differentiated between supervising data processing by public bodies and non-public bodies.

The case highlighted the issue of independence of supervisory authorities and the risk of political influence.

The ECJ emphasized the need for supervisory authorities to act objectively and impartially, free from external influences.

Decision Overview:

The ECJ's decision underscored the importance of ensuring the independence of supervisory authorities responsible for data protection. It clarified that the purpose of independence was to enhance the protection of individuals and entities affected by their decisions, emphasizing the need for objectivity and impartiality in carrying out their duties.