Case C-33/22 Österreichische Datenschutzbehörde confirms that the GDPR has general application to Member States’ Parliaments

Research output: Contribution to journalComment/debatepeer-review

16 Downloads (Pure)

Abstract

The Court of Justice considered in Österreichische Datenschutzbehörde (C‑33/22) whether the personal data processing activities of a Parliament of a Member State fall within the scope of the GDPR 2016/679 and if the national security exemption therein should be interpreted broadly or narrowly. It decided that, as a general principle, they do fall within the scope of the GDPR, and in instances where the national security exemption is relied upon, that exemption should be interpreted narrowly. The Court also considered whether provisions of the GDPR relating to the right to lodge a complaint with a national supervisory authority could be applied directly, despite a constitutional principle of separation of powers that precludes external interference in the Parliament’s activities. It ruled that they can.
This case note illustrates the confusion that previously existed and demonstrates that the decision brings much needed clarity.
Original languageEnglish
Pages (from-to)232-236
Number of pages5
JournalEuropean Data Protection Law Review
Volume10
Issue number2
DOIs
Publication statusPublished - 30 Jul 2024

Keywords

  • GDPR
  • national security exemption
  • supervisory authorities
  • material scope
  • competence
  • separation of powers
  • data protection
  • material scope of application
  • parliament

Cite this