Start Submission

Reading: ‘Complete Independence’ of National Data Protection Supervisory AuthoritiesSecond Try: Comme...

Download

A- A+
dyslexia friendly

Articles

‘Complete Independence’ of National Data Protection Supervisory Authorities
Second Try: Comments on the Judgment of the CJEU of 16 October 2012,
C-614/10, with Due Regard to its Previous Judgment of 9 March 2010,
C-518/07

Author:

Alexander Balthasar

Institute for State Organisation and Administrative Reform in the Austrian Federal Chancellery and a Member of the Austrian Federal Independent Senate for Environmental Affairs (a ‘mixed council’), both in Vienna., AT
X close

Abstract

In 2010, the Court of Justice of the European Union (CJEU) delivered a landmark judgment concerning the requirements of the ‘complete independence’ of national data protection supervisory authorities (Commission v. Germany, C-518/07). Two and a half years later, the Court has taken a far more moderate view when assessing the level of independence of the Austrian Data Protection Commission (Commission v. Austria, C-614/10). For the author, who had criticized the previous judgment, the more recent one is a major step forward – towards a fair balance to be struck between the necessary independence of these authorities and  the likewise necessary coherence of general State organization, State responsibility and State budget. The more recent judgment is also more in line with a) the wording of Article 8(3) of the EU Charter of Fundamental Rights, b) the level of independence enjoyed by the European Data Protection Supervisor (EDPS), the French Commission nationale de l’informatique et des libertés (CNIL) and the National Human Rights Institutions (NHRI) under the ‘Paris Principles’, and c) the  previous case law (Commission v. ECB).
Nevertheless, even this more moderate level of independence required for data protection authorities seems to exceed the one deemed sufficient for the judiciary. This is highly problematic given the fact that the judiciary is not just a branch of State organization completely separated from data protection authorities but, on the contrary, is called upon to legally review the decisions of data protection authorities.
So also Commission v. Austria will, most probably, not yet be the end of the story – the more so, because the arguments raised in both judgments in favour of ‘complete independence’ are not intrinsically linked to the issue of data protection, but are likewise applicable to all kinds of regulatory bodies or institutions with a specific remit to secure fundamental rights, and, thus, in principle with horizontal relevance.

DOI: http://doi.org/10.18352/ulr.234
How to Cite: Balthasar, A., (2013). ‘Complete Independence’ of National Data Protection Supervisory Authorities
Second Try: Comments on the Judgment of the CJEU of 16 October 2012,
C-614/10, with Due Regard to its Previous Judgment of 9 March 2010,
C-518/07. Utrecht Law Review. 9(3), pp.26–38. DOI: http://doi.org/10.18352/ulr.234
96
Views
26
Downloads
Published on 12 Jul 2013.
Peer Reviewed

Downloads

  • PDF

    comments powered by Disqus