Thursday 26th September 2024
EU Court of Justice Judgment in Case C-768/21 Land Hessen (Data protection authority’s duty to act)
(Principles, objectives and tasks of the Treaties – Data protection)
In Germany, a savings bank found that one of its employees had consulted a customer’s personal data on several occasions without being authorised to do so. The savings bank did not inform the customer, as its data protection officer had deemed that there was no high risk to him.
In fact, the employee had confirmed in writing that she had not copied or stored the data, that she had not passed it on to third parties and that she would not do so in the future. In addition, the Sparkasse had taken disciplinary action against her. The Sparkasse nevertheless notified the Land’s data protection commissioner of this violation.
After incidentally becoming aware of this incident, the customer lodged a complaint with the Data Protection Commissioner. After hearing the Sparkasse, the data protection commissioner informed the customer that he did not consider it necessary to take any remedial action against the Sparkasse.
The customer then brought an action before a German court, asking it to order the Data Protection Commissioner to take action against the Sparkasse and, in particular, to impose a fine.
The German court asked the Court of Justice to interpret the General Data Protection Regulation (GDPR) in this regard.
Donnerstag, 26. September 2024
Urteil des Gerichtshofs in der Rechtssache C‑768/21 Land Hessen (Handlungspflicht der Datenschutzbehörde)
Schutz personenbezogener Daten
Ein Kunde einer Sparkasse ersuchte den Hessischen Beauftragten für Datenschutz und Informationsfreiheit, gegen die Sparkasse wegen einer Verletzung des Schutzes seiner personenbezogenen Daten einzuschreiten. Eine Mitarbeiterin der Sparkasse hatte nämlich mehrmals unbefugt auf seine Daten zugegriffen.
Der Datenschutzbeauftragte stellte eine Verletzung des in der Datenschutz-Grundverordnung (DSGVO) vorgesehenen Datenschutzes fest. Er kam jedoch zu dem Ergebnis, dass ein Einschreiten gegen die Sparkasse nicht geboten sei, da diese gegen die betreffende Mitarbeiterin bereits Disziplinarmaßnahmen ergriffen habe.
Der Kunde geht gegen diese Weigerung beim Verwaltungsgericht Wiesbaden vor und beantragt, den Datenschutzbeauftragten zum Einschreiten gegen die Sparkasse zu verpflichten. Er macht u. a. geltend, dass der Datenschutzbeauftragte gegen die Sparkasse Bußgelder hätte verhängen müssen.
Das Verwaltungsgericht Wiesbaden hat den Gerichtshof zu den Befugnissen und Pflichten des Datenschutzbeauftragten als „Aufsichtsbehörde“ im Sinne der DSGVO befragt.
Generalanwalt Pikamäe hat in seinen Schlussanträgen vom 11. April 2024 die Ansicht vertreten, dass die Aufsichtsbehörde zum Einschreiten verpflichtet sei, wenn sie bei der Prüfung einer Beschwerde einen Verstoß feststelle. Die Entscheidung über die zu ergreifende Abhilfemaßnahme hänge jedoch von den konkreten Umständen des jeweiligen Einzelfalls ab (siehe Pressemitteilung Nr. 63/24).
We and use cookies and other tracking technologies to improve your experience on our website. We may store and/or access information on a device and process personal data, such as your IP address and browsing data, for personalised advertising and content, advertising and content measurement, audience research and services development. Additionally, we may utilize precise geolocation data and identification through device scanning.
Please note that your consent will be valid across all our subdomains. You can change or withdraw your consent at any time by clicking the “Consent Preferences” button at the bottom of your screen. We respect your choices and are committed to providing you with a transparent and secure browsing experience.
Cookie | Duration | Description |
---|---|---|
__stripe_mid | This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server. | |
__stripe_sid | This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server. | |
_abck | This cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions. | |
_wpfuuid | This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon. | |
ASP.NET_SessionId | Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit. | |
AWSALBCORS | This cookie is managed by Amazon Web Services and is used for load balancing. | |
bm_sz | This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions | |
cookielawinfo-checbox-analytics | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". | |
cookielawinfo-checbox-functional | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". | |
cookielawinfo-checbox-others | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. | |
cookielawinfo-checkbox-necessary | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". | |
cookielawinfo-checkbox-performance | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". | |
elementor | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time. | |
JSESSIONID | Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests. | |
viewed_cookie_policy | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
_ga | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | |
_ga_4L7PKQPHHV | This cookie is installed by Google Analytics. | |
_ga_T50H0MNN9J | This cookie is installed by Google Analytics. | |
_gat_gtag_UA_12289088_5 | Set by Google to distinguish users. | |
_gcl_au | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. | |
_gid | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
Cookie | Duration | Description |
---|---|---|
test_cookie | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
Cookie | Duration | Description |
---|---|---|
_mcid | No description available. | |
_swa_u | This cookie is set by the provider Sitewit.com. This cookie is used for statistical report and analysis. | |
ak_bmsc | No description available. | |
AWSALB | AWSALB is a cookie generated by the Application load balancer in the Amazon Web Services. It works slightly different from AWSELB. | |
ec_store_chameleon_font | No description available. | |
FCCDCF | No description available. | |
issuem_lp | No description available. | |
lp_us_his | No description | |
m | No description available. |