Abstract
The General Data Protection Regulation (Regulation 2016/679, ‘GDPR’) was meant to bring harmonisation to the area of regulating the processing of personal data within the European Union (‘EU’) (recital 10 GDPR). Five years after its becoming applicable, such harmonisation is yet to materialise. On the one hand, this is because the GDPR was injected with a high number of so-called opening clauses during the legislative process, meaning that for certain areas, for example for personal data processing for research, Member States are still free to find their own solutions which consequently leads to the creation of partly contradictory rules. On the other hand, this is because for certain aspects of the GDPR it was never an option to fully harmonise them at EU level as they are part of the prerogatives of the Member States. The named aspect pertains to procedural law. For enforcement of the GDPR, diverging or mismatching procedural requirements in EU Member States have turned into a serious obstacle to its effectiveness to the extent that the European Data Protection Board sent a wish-list to the European Commission in October 2022 on aspects to harmonise for more efficiency and effectiveness.
One question concerning the interaction of national procedures and legal remedies of the GDPR has now reached the Court of Justice, which on 12 January 2023 issued its ruling. The underlying case (C-132/21, Nemzeti Adatvédelmi és Információszabadság Hatóság) stemming from a Hungarian court asked in essence whether the different legal remedies provided in the GDPR for individuals to enforce their rights stand in any hierarchy in relation to each other. With its answers, the Court of Justice tries to navigate successfully the slippery slope between respecting the procedural autonomy of the Member States and ensuring that national procedures do not undermine the harmonisation objectives of EU legislation, though with moderate success.
One question concerning the interaction of national procedures and legal remedies of the GDPR has now reached the Court of Justice, which on 12 January 2023 issued its ruling. The underlying case (C-132/21, Nemzeti Adatvédelmi és Információszabadság Hatóság) stemming from a Hungarian court asked in essence whether the different legal remedies provided in the GDPR for individuals to enforce their rights stand in any hierarchy in relation to each other. With its answers, the Court of Justice tries to navigate successfully the slippery slope between respecting the procedural autonomy of the Member States and ensuring that national procedures do not undermine the harmonisation objectives of EU legislation, though with moderate success.
Original language | English |
---|---|
Publisher | EU Law Live |
Media of output | Online |
Publication status | Published - 19 Jan 2023 |