On 15 June 2023, the Court of Justice of the EU (CJEU) published the opinions of the Advocates Generals on (i) liability for the damage occurred relating to unlawful data processing, (ii) judicial remedy available to data subject against an independent supervisory authority regarding his/ her right of direct access to criminal personal data.
Kočner v Europol – Case C-755/21 P
Case facts
In May 2019, the press published the information of Mr. Kočner relating to a murder investigation. Also, the EU Agency for Law Enforcement Cooperation (Europol) stated that he had been in custody since 20 June 2018 for suspected financial crime and had a direct link to the ‘so-called mafia lists’ and the ‘Panama Papers’. As a result, he brought an action before the EU General Court seeking compensation in the amount of 100 000 euros for the allegedly claimed non-material damage.
Advocate General’s Opinion
Mr. Athanasios Rantos considered that would be the opportunity for the Court to rule on the nature of Europol’s non-contractual liability and then, on the existence of a special system of joint and several liability between Europol and the Member State in which damage has occurred in relation to incorrect data processing by Europol or that Member State. Accordingly, he concluded that EU law introduces a system of joint and several liability between Europol and the Member State concerned for damage suffered as a result of unlawful data processing as a consequence of action by Europol or that Member State.
Press release: https://curia.europa.eu/jcms/upload/docs/application/pdf/2023-06/cp230102en.pdf
Ligue des droits humains ASBL, BA v Organe de contrôle de l’information policière – Case C‑333/22
Case facts
Due to a refusal by the Belgian National Security Authority to issue a “security clearance certificate”, a data subject asked the Belgian Supervisory Body for Police Information (OCIP) to identify the data controllers and order them to provide him with access to his information. The OCIP informed him that it had carried out all necessary checks without any further details. He and the Ligue des droits humains brought an action against the OCIP before the Belgian courts who questioned this judicial remedy against the OCIP and its compliance with Art. 17 Law Enforcement Directive 2016/680 and Art. 8(3), 47 the EU Charter of Fundamental Rights.
Advocate General’s Opinion
Mme. Laila Medina considered that Art. 17 Directive 2016/680 governing the indirect exercise of rights through the supervisory authority is compatible with the fundamental rights of protection of personal data and to an effective remedy as provided for in the Charter of Fundamental Rights of the European Union in so far as (i) the supervisory authority may, depending on the circumstances, go beyond stating that all necessary verifications have been carried out and (ii) there is available to the data subject a judicial review of the action taken and the assessment made by the supervisory authority concerning that data subject in the light of the obligations of the controller.
Press release: https://curia.europa.eu/jcms/upload/docs/application/pdf/2023-06/cp230104en.pdf
More news regarding personal data protection on AstraIA Gear: https://www.astraiagear.com/category/data/
For further discussion or weekly newsletter – follow me on Linkedin and more short news, follow our LinkedIn Page, cheers!