Abstract
The Court of Justice considered in Österreichische Datenschutzbehörde (C‑33/22) whether the personal data processing activities of a Parliament of a Member State fall within the scope of the GDPR 2016/679 and if the national security exemption therein should be interpreted broadly or narrowly. It decided that, as a general principle, they do fall within the scope of the GDPR, and in instances where the national security exemption is relied upon, that exemption should be interpreted narrowly. The Court also considered whether provisions of the GDPR relating to the right to lodge a complaint with a national supervisory authority could be applied directly, despite a constitutional principle of separation of powers that precludes external interference in the Parliament’s activities. It ruled that they can.
This case note illustrates the confusion that previously existed and demonstrates that the decision brings much needed clarity.
This case note illustrates the confusion that previously existed and demonstrates that the decision brings much needed clarity.
Original language | English |
---|---|
Pages (from-to) | 232-236 |
Number of pages | 5 |
Journal | European Data Protection Law Review |
Volume | 10 |
Issue number | 2 |
DOIs |
|
Publication status | Published - 30 Jul 2024 |
Keywords
- GDPR
- national security exemption
- supervisory authorities
- material scope
- competence
- separation of powers
- data protection
- material scope of application
- parliament