Rina Steenkamp - Privacy and technology
Chapter VI Independent supervisory authorities
1. Each supervisory authority shall be competent to perform the duties and to exercise the powers conferred on it in accordance with this Regulation on the territory of its own Member State, without prejudice to Articles 73 and 74. Data processing by a public authority shall be supervised only by the supervisory authority of that Member State.
2. (deleted)
3. The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity.
[Source: October 2013]
(96) The supervisory authorities should monitor the application of the provisions pursuant to this Regulation and contribute to its consistent application throughout the Union, in order to protect natural persons in relation to the processing of their personal data and to facilitate the free flow of personal data within the internal market. For that purpose, the supervisory authorities should co-operate with each other and the Commission.
(99) While this Regulation applies also to the activities of national courts, the competence of the supervisory authorities should not cover the processing of personal data when courts are acting in their judicial capacity, in order to safeguard the independence of judges in the performance of their judicial tasks. However, this exemption should be strictly limited to genuine judicial activities in court cases and not apply to other activities where judges might be involved in, in accordance with national law.
[Source: October 2013 | Notes: Recitals | Context: Recitals]
Article 51 sets out the competence of the supervisory authorities. The general rule, based on Article 28(6) of Directive 95/46/EC (competency on the territory of its own Member State), is complemented by the new competence as lead authority in case that a controller or processor is established in several Member States, to ensure unity of application ('one-stop shop'). Courts, when acting in their judicial authority, are exempted from the monitoring by the supervisory authority, but not from the application of the substantive rules on data protection.
[Source: January 2012 | Context: Proposal from the European Commission]
1. Each supervisory authority shall exercise, on the territory of its own Member State, the powers conferred on it in accordance with this Regulation.
2. Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union, and the controller or processor is established in more than one Member State, the supervisory authority of the main establishment of the controller or processor shall be competent for the supervision of the processing activities of the controller or the processor in all Member States, without prejudice to the provisions of Chapter VII of this Regulation.
3. The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity.
[Source: January 2012 | Context: Proposal from the European Commission]
(96) The supervisory authorities should monitor the application of the provisions pursuant to this Regulation and contribute to its consistent application throughout the Union, in order to protect natural persons in relation to the processing of their personal data and to facilitate the free flow of personal data within the internal market. For that purpose, the supervisory authorities should co-operate with each other and the Commission.
(99) While this Regulation applies also to the activities of national courts, the competence of the supervisory authorities should not cover the processing of personal data when courts are acting in their judicial capacity, in order to safeguard the independence of judges in the performance of their judicial tasks. However, this exemption should be strictly limited to genuine judicial activities in court cases and not apply to other activities where judges might be involved in, in accordance with national law.
[Source: January 2012 | Notes: Recitals | Context: Proposal from the European Commission, Recitals]
General Data Protection Regulation: | Directive 95/46/EC: |
---|---|
Article 51(1) | Article 28(6) |
6. Each supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own Member State, the powers conferred on it in accordance with paragraph 3. Each authority may be requested to exercise its powers by an authority of another Member State.
[...]