menu MENU
arrow_back Back to the list of all Articles
Change country (Currently : Hungary) language
Contact our local member in Hungary mail_outline
Visit the website of Oppenheim account_balance

arrow_backPrevious Article
Article 79
Next Articlearrow_forward

Right to an effective judicial remedy against a controller or processor

Official
Texts Guidelines Caselaw Review of
EU Regulation Review of
Nat. Regulation
Show key term(s) and Article(s) related to article 79 of the Regulation keyboard_arrow_down Hide key term(s) and Article(s) related to article 79 keyboard_arrow_up
Show the recitals of the Regulation related to article 79 keyboard_arrow_down Hide the recitals of the Regulation related to article 79 keyboard_arrow_up

(145) For proceedings against a controller or processor, the plaintiff should have the choice to bring the action before the courts of the Member States where the controller or processor has an establishment or where the data subject resides, unless the controller is a public authority of a Member State acting in the exercise of its public powers.

Show the recitals of the Directive related to article 79 keyboard_arrow_down Hide the recitals of the Directive related to article 79 keyboard_arrow_up

(55) Whereas, if the controller fails to respect the rights of data subjects, national legislation must provide for a judicial remedy; whereas any damage which a person may suffer as a result of unlawful processing must be compensated for by the controller, who may be exempted from liability if he proves that he is not responsible for the damage, in particular in cases where he establishes fault on the part of the data subject or in case of force majeure; whereas sanctions must be imposed on any person, whether governed by private of public law, who fails to comply with the national measures taken under this Directive;

The GDPR

Article 79 gives people affected by processing, a genuine right to an effective judicial remedy against both the controller and the processor in case of infringement of their rights resulting from the processing of their data. This right is not to be confused either with the possibility of lodging a complaint with a supervisory authority referred to in article 78, nor with any other administrative or extra-judicial remedy provided under the relevant national law.

The second paragraph allows the data subject to bring his action either before the courts of the Member State in which the controller has an establishment or in the courts of the state of habitual residence of the data subject, unless controller or processor is a public authority of a Member State acting in the exercise of its public powers.

It should be noted that as per recital 146, the jurisdictional rules contained in the Regulation need subject to the general jurisdictional rules contained in other legal instruments, such as those contained in Regulation (EU) No. 1215/2012 of the European Parliament and the Council of 12 December 2012 concerning jurisdiction, recognition and enforcement of decisions on civil and commercial matters (Regulation called Brussels I bis).

The Directive

The Directive Article 22 requires the Member States to provide to any person the right to a judicial remedy in case of breach of the rights guaranteed to him by the national provisions transposing the Directive.

Potential issues

The competence of the courts will not necessarily imply that they must apply their national laws that codify the Regulation or that the national authority of the state court is competent.

arrow_back Previous ArticleArticle 79Next Article arrow_forward
arrow_back Previous ArticleArticle 79 Next Article arrow_forward
arrow_back Previous Article Article 79 Next Article arrow_forward

Summary

European Union

European Union

CJEU caselaw

C‑132/21 (12 January 2023), Budapesti Elektromos Művek

Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), read in the light of Article 47 of the Charter of Fundamental Rights of the European Union,

must be interpreted as permitting the remedies provided for in Article 77(1) and Article 78(1) of that regulation, on the one hand, and Article 79(1) thereof, on the other, to be exercised concurrently with and independently of each other. It is for the Member States, in accordance with the principle of procedural autonomy, to lay down detailed rules as regards the relationship between those remedies in order to ensure the effective protection of the rights guaranteed by that regulation and the consistent and homogeneous application of its provisions, as well as the right to an effective remedy before a court or tribunal as referred to in Article 47 of the Charter of Fundamental Rights.

Decision of the court

Opinion of the advocate General

Retour au sommaire Retour au sommaire
arrow_back Previous Article Article 79 Next Article arrow_forward
Regulation
1e 2e

Art. 79

1.   Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.

2.   Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.
1st proposal close

Art. 75 

1. Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority as referred to in Article 73, every natural person shall have the right to a judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data in non-compliance with this Regulation.

2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has its habitual residence, unless the controller is a public authority acting in the exercise of its public powers.

3. Where proceedings are pending in the consistency mechanism referred to in Article 58, which concern the same measure, decision or practice, a court may suspend the proceedings brought before it, except where the urgency of the matter for the protection of the data subject's rights does not allow to wait for the outcome of the procedure in the consistency mechanism.

4. The Member States shall enforce final decisions by the courts referred to in this Article.
2nd proposal close

Art. 75 

1. Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority under Article 73, data subjects shall have the right to an effective judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data in non-compliance with this Regulation.

2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment (…). Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority acting in the exercise of its public powers.

3. (…)

4. (…)
Directive close

Art. 22

Without prejudice to any administrative remedy for which provision may be made, inter alia before the supervisory authority referred to in Article 28, prior to referral to the judicial authority, Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question.
Hungary
compare_arrows
visibility Old law

23. § *  (1) Az érintett az adatkezelő, illetve - az adatfeldolgozó tevékenységi körébe tartozó adatkezelési műveletekkel összefüggésben - az adatfeldolgozó ellen bírósághoz fordulhat, ha megítélése szerint az adatkezelő, illetve az általa megbízott vagy rendelkezése alapján eljáró adatfeldolgozó a személyes adatait a személyes adatok kezelésére vonatkozó, jogszabályban vagy az Európai Unió kötelező jogi aktusában meghatározott előírások megsértésével kezeli.

(2) Azt, hogy az adatkezelés a személyes adatok kezelésére vonatkozó, jogszabályban vagy az Európai Unió kötelező jogi aktusában meghatározott előírásoknak - így különösen a 2. § (3) bekezdésének hatálya alá tartozó adatkezelések esetén a 4. § (1)-(4a) bekezdésben meghatározott alapvető követelményeknek - megfelel, az adatkezelő, illetve az adatfeldolgozó köteles bizonyítani.

(3) A pert az érintett - választása szerint - a lakóhelye vagy tartózkodási helye szerint illetékes törvényszék előtt is megindíthatja.

(4) A perben fél lehet az is, akinek egyébként nincs perbeli jogképessége. A perbe a Hatóság az érintett pernyertessége érdekében beavatkozhat.

(5) Ha a bíróság a keresetnek helyt ad, a jogsértés tényét megállapítja és az adatkezelőt, illetve az adatfeldolgozót

a) a jogellenes adatkezelési művelet megszüntetésére,

b) az adatkezelés jogszerűségének helyreállítására, illetve

c) az érintett jogai érvényesülésének biztosítására pontosan meghatározott magatartás tanúsítására

kötelezi, és szükség esetén egyúttal határoz a kártérítés, sérelemdíj iránti igényről is.

(6) A bíróság elrendelheti ítéletének - az adatkezelő, illetve adatfeldolgozó azonosító adatainak közzétételével történő - nyilvánosságra hozatalát, ha az ítélet személyek széles körét érinti, ha az alperes adatkezelő, illetve adatfeldolgozó közfeladatot ellátó szerv, vagy ha a bekövetkezett jogsérelem súlya a nyilvánosságra hozatalt indokolja.
Old law close

Judicial remedy

§ 22 Data Protection Act

(1) In the event of any infringement of his rights, the data subject, and in the cases referred to in Section 21, the data recipient may file for court action against the controller. The court shall hear such cases in priority proceedings.

(2) The burden of proof to show compliance with the law lies with the data controller. In the cases under Subsections (5) and (6) of Section 21, the burden of proof concerning the lawfulness of receiving data lies with the data recipient.

[...]

(4) Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene in the action on the data subject’s behalf.

(5) When the court’s decision is in favor of the plaintiff, the court shall order the controller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to honor the data subject’s objection, or to disclose the data requested by the data recipient referred to in Section 21.

(6) If the court rejects the petition filed by the data recipient in the cases defined in Section 21, the controller shall be required to erase the data subject’s personal data within three days of delivery of the court ruling. The controller shall erase the data even if the data recipient does not file for court action within the time limit referred to in Subsection (5) or (6) of Section 21.

(7) The court may order publication of its decision, indicating the identification data of the controller as well, where this is deemed necessary for reasons of data protection or in connection with the rights of large numbers of data subjects under protection by this Act.
arrow_back Previous ArticleArticle 79 Next Article arrow_forward
close

2016 - www.itiplaw.eu.