readenglishbook.com » Law » GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗

Book online «GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗». Author Adv. Prashant Mali



1 ... 21 22 23 24 25 26 27 28 29 ... 71
Go to page:
subsequent changes must be notified to the Commission without delay.

The Directive contained an essential element of data protection: the establishment in each Member State of a supervisory authority responsible for monitoring the application of the personal data protection legislation on its territory. The second paragraph of Article 28 of the Directive already stated that the tasks entrusted to these authorities should be carried out independently. The Member States have each created a national supervisory authority for the protection of personal data.


Art. 52 GDPR Independence

Each supervisory authority shall act with complete independence in performing its tasks and exercising its powers in accordance with this Regulation.

The member or members of each supervisory authority shall, in the performance of their tasks and exercise of their powers in accordance with this Regulation, remain free from external influence, whether direct or indirect, and shall neither seek nor take instructions from anybody.

Member or members of each supervisory authority shall refrain from any action incompatible with their duties and shall not, during their term of office, engage in any incompatible occupation, whether gainful or not.

Each Member State shall ensure that each supervisory authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers, including those to be carried out in the context of mutual assistance, cooperation and participation in the Board.

Each Member State shall ensure that each supervisory authority chooses and has its own staff, which shall be subject to the exclusive direction of the member or members of the supervisory authority concerned.

Each Member State shall ensure that each supervisory authority is subject to financial control which does not affect its independence and that it has separate, public annual budgets, which may be part of the overall state or national budget.



Suitable Recitals

(117) Establishment of supervisory authorities; (118) Monitoring of the supervisory authorities; (120) Features of supervisory authorities; (121) Independence of the supervisory authorities.

COMMENTARY:

Article 52 is intended to clarify the conditions guaranteeing the independence of the supervisory authorities, in accordance with the case law of the Court of Justice of the European Union (CJEU, 9 March 2010, C-518/07), and also on the basis of Article 44 of Regulation (EC) No. 45/200135.

In this case, the Court considered that the Federal Republic of Germany had failed to fulfill the obligations imposed under Article 28, paragraph 1, second subparagraph of Directive 95/46 by submitting to the guardianship of the State the supervisory authorities competent for monitoring the personal data processing by the non-public sector in the different countries, thus transposing incorrectly the requirement that these authorities exercise their tasks “with complete independence”.

Furthermore, Regulation (EC) No. 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data provides in details the conditions of independence of the European data protection controller.

Article 52 codifies that the supervisory authority of each Member State shall act with complete independence in performing its tasks and exercising its powers, in accordance with this Regulation. Accordingly, the second paragraph of Article 52 specifies that member or members of each supervisory authority shall, in the performance of their tasks and exercise of their powers, remain free from external influence, whether direct or indirect, and shall neither seek nor take instructions from anybody.

The third paragraph obliges the members of the supervisory authority to refrain from any action incompatible with their duties and shall not, during their term of office, engage in any incompatible occupation, whether profitable or not (Art. 52 (3)). Pursuant to paragraph 4, each Member State shall ensure that each supervisory authority is provided with the staff, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers, including those to be carried out in the context of mutual assistance, cooperation and participation in the European Data Protection Board.

Each supervisory authority must also be able to choose and have its own staff, which shall be subject to the exclusive direction of the member or members of the supervisory authority concerned.

Finally, as stated in recital 118, the independence of supervisory authorities should not mean that the supervisory authorities cannot be subject to control or monitoring mechanisms regarding their financial management. Accordingly, Article 52, paragraph 6 provides that each supervisory authority is subject to financial control, which does not affect its independence. For this purpose, each supervisory authority shall have a separate, public annual budget, which may be part of the overall state or national budget. According to Article 28, paragraph 1, second subparagraph of the Directive, the national authorities shall act with complete independence in exercising the functions entrusted to them.


Art. 53 GDPR General conditions for the members of the supervisory authority

Member States shall provide for each member of their supervisory authorities to be appointed by means of a transparent procedure by:

their parliament;

their government;

their head of State;

an independent body entrusted with the appointment under Member State law.

Each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to perform its duties and exercise its powers.

The duties of a member shall end in the event of the expiry of the term of office, resignation or compulsory retirement, in accordance with the law of the Member State concerned.

A member shall be dismissed only in cases of serious misconduct or if the member no longer fulfills the conditions required for the performance of the duties.

Suitable Recitals

(121) Independence of the supervisory authorities.

COMMENTARY:

The GDPR

Article 53 sets out the general conditions of the status applicable to the members of the supervisory authority, in accordance with the case law of the CJEU (see CJEU, 9 March 2010, C-518/07), and on the basis also of article 42, paragraphs 2 to 6 of the Regulation (EC) No. 45/2001 on the processing of data carried out by the institutions and bodies of the European Union.

Initially, recital 121 recommended that the conditions applicable to the members are determined by the law of each Member State and that the appointment of members is made by the parliament or by the federal government. The second proposed version of the Regulation has somewhat eased the principles established by the above-mentioned recital by providing that members of the supervisory

authority may also be appointed by an independent body. Thus, Article 53 in its first paragraph provides that the members of the supervisory authorities be appointed by means of a transparent procedure by either their parliament or government, by the head of their state or by an independent body entrusted with the appointment under Member State law (Art. 53 (1)).

According to the second paragraph, each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to perform its duties and exercise its powers.

Article 53 provides several guarantees of independence in favour of members of the national authority: first the duties of a member shall end in the event of the expiry of the term of office, or resignation or compulsory retirement in accordance with the law of the Member State concerned. The final version of the Regulation adds that a member shall be dismissed only in cases of serious misconduct or if the member no longer fulfills the conditions required for the performance of the duties.

The Directive

The Directive does not say much about the status of the members of the supervisory authority. At most, Article 28 (7) of the Directive imposed to the Member States the obligation to provide that the members and staff of the supervisory authority, even after their employment has ended, are to be subject to a duty of professional secrecy with regard to confidential information to which they have access.


Art. 54 GDPR Rules on the establishment of the supervisory authority

Each Member State shall provide by law for all of the following:

The establishment of each supervisory authority;

The qualifications and eligibility conditions required to be appointed as member of each supervisory authority;

The rules and procedures for the appointment of the member or members of each supervisory authority;

The duration of the term of the member or members of each supervisory authority of no less than four years, except for the first appointment after 24th May 2016, part of which may take place for a shorter period where that is necessary to protect the independence of the supervisory authority by means of a staggered appointment procedure;

Whether and, if so, for how many terms the member or members of each supervisory authority is eligible for reappointment;

The conditions governing the obligations of the member or members and staff of each supervisory authority, prohibitions on actions, occupations and benefits

incompatible therewith during and after the term of office and rules governing the cessation of employment.

The member or members and the staff of each supervisory authority shall, in accordance with Union or Member State law, be subject to a duty of professional secrecy both during and after their term of office, with regard to any confidential information which has come to their knowledge in the course of the performance of their tasks or exercise of their powers. During their term of office, that duty of professional secrecy shall in particular apply to reporting by natural persons of infringements of this Regulation.

Suitable Recitals

(117) Establishment of supervisory authorities; (121) Independence of the supervisory authorities.

COMMENTARY:

As already indicated, the Directive says very little about the terms of appointment and the status applicable to the members of the supervisory authority as well as the modes for establishment of the supervisory authorities; at most, Article 28 (7) of the Directive imposed an obligation on the Member States to ensure that the members and staff of the supervisory authority, even after their employment has ended, are to be subject to a duty of professional secrecy with regard to confidential information to which they have access.

Article 54 – Rules on the establishment of the supervisory authority Article 54(1) requires member states to “provide by law” for the “establishment of the supervisory authority,” including qualifications and eligibility conditions, rules and procedures, duration of and number of eligible terms, and obligations regarding appointment as a member of the supervisory authority.


Section 2: Competence, task and powers Art. 55 GDPR Competence

Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its own Member State.

Where processing is carried out by public authorities or private bodies acting on the basis of point (c) or (e) of Article 6(1), the supervisory authority of the Member State concerned shall be competent. In such cases Article 56 does not apply.

Supervisory authorities shall not be competent to supervise processing operations of courts acting in their judicial capacity.

Suitable Recitals

(122) Responsibility of the supervisory authorities.

COMMENTARY:

Article 55 begins by restating the rule contained in Article 28, paragraphs 1 and 3, of the Directive that each supervisory authority shall be competent for the performance of the tasks assigned and the exercise of the powers conferred on it. In its first version, Article 55 of the draft Regulation also provides a new competence, that of lead authority when the controller or the processor is established in several Member States, in order to ensure uniform application ("single window").

This new competence of the lead supervisory authority is now subject to a specific provision in Article 56 and will therefore be discussed under that provision. It was already noted that Article 55 makes Article 56 inapplicable where the processing is carried out by public authorities or private bodies acting on the basis of article 6, paragraph 1, point (c) (i.e. when the processing is necessary for compliance with a legal obligation to which the controller is subject) or (e) (i.e. when the processing is necessary for the performance of a task in the public interest or in the exercise of public authority which is vested to the controller). In this case, the supervisory authority of the Member State concerned remains responsible.

Finally, pursuant to the terms of paragraph 3 of Article 55, the courts acting in their judicial capacity are not subject to the competence of the supervisory authorities to supervise processing operations but they shall still apply the material rules relating to the data protection. The question of the competence of the national supervisory authority was already addressed by Article 28, paragraphs 1 and 3, of the Directive. Accordingly, each supervisory authority shall have all the powers conferred on it in the territory of the relevant Member State, in order to ensure the compliance with the data protection rules of that territory. Pursuant to this provision, each national authority is territorially competent to exercise its powers in accordance with the procedural law of the relevant Member State, whatever the national law applicable to the processing in question.


Art. 56 GDPR Competence of the lead supervisory authority

Without prejudice to Article 55, the supervisory authority of the main establishment or of the single establishment of the controller or processor shall be competent to act as lead supervisory authority for the cross-border processing carried out by that controller or processor in accordance with the procedure provided in Article 60.

By derogation from paragraph 1, each supervisory authority shall be competent to handle a complaint lodged with it or a possible infringement of this Regulation, if the subject matter relates only to an establishment in its Member State or substantially affects data subjects only in its Member State.

In the cases referred to in paragraph 2 of this Article, the supervisory authority shall inform the lead supervisory authority without delay on that matter. Within a period of three weeks after being informed the lead supervisory authority shall

decide whether or

1 ... 21 22 23 24 25 26 27 28 29 ... 71
Go to page:

Free e-book «GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗» - read online now

Comments (0)

There are no comments yet. You can be the first!
Add a comment