‘Complete Independence’ of National Data Protection Supervisory Authorities<br>Second Try: Comments on the Judgment of the CJEU of 16 October 2012,<br>C-614/10, with Due Regard to its Previous Judgment of 9 March 2010,<br>C-518/07
DOI:
https://doi.org/10.18352/ulr.234Keywords:
data protection, complete independence, regulatory body, judiciary, State responsibility, State budgetAbstract
In 2010, the Court of Justice of the European Union (CJEU) delivered a landmark judgment concerning the requirements of the ‘complete independence’ of national data protection supervisory authorities (Commission v. Germany, C-518/07). Two and a half years later, the Court has taken a far more moderate view when assessing the level of independence of the Austrian Data Protection Commission (Commission v. Austria, C-614/10). For the author, who had criticized the previous judgment, the more recent one is a major step forward – towards a fair balance to be struck between the necessary independence of these authorities and the likewise necessary coherence of general State organization, State responsibility and State budget. The more recent judgment is also more in line with a) the wording of Article 8(3) of the EU Charter of Fundamental Rights, b) the level of independence enjoyed by the European Data Protection Supervisor (EDPS), the French Commission nationale de l’informatique et des libertés (CNIL) and the National Human Rights Institutions (NHRI) under the ‘Paris Principles’, and c) the previous case law (Commission v. ECB).
Nevertheless, even this more moderate level of independence required for data protection authorities seems to exceed the one deemed sufficient for the judiciary. This is highly problematic given the fact that the judiciary is not just a branch of State organization completely separated from data protection authorities but, on the contrary, is called upon to legally review the decisions of data protection authorities.
So also Commission v. Austria will, most probably, not yet be the end of the story – the more so, because the arguments raised in both judgments in favour of ‘complete independence’ are not intrinsically linked to the issue of data protection, but are likewise applicable to all kinds of regulatory bodies or institutions with a specific remit to secure fundamental rights, and, thus, in principle with horizontal relevance.
Downloads
Published
Issue
Section
License
Copyright (c) 2013 The Author(s)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant Utrecht Law Review right of first publication with the work simultaneously licensed under a Creative Commons Attribution 4.0 License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in the Utrecht Law Review.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in Utrecht Law Review.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Once accepted for publication, the final version of the paper must be provided. A completed and signed copyright form, which will be sent by the Managing Editor, must accompany each paper. By signing the form the author states to accept the copyright notice of Utrecht Law Review. The copyright notice for authors is also included in the copyright acceptance form.