Article 53
General conditions for the members of the supervisory authority

Official
Texts
Guidelines
& Caselaw
Review of
EU Regulation
Review of
Nat. Regulation
Show the recitals of the Regulation related to article 53 keyboard_arrow_down Hide the recitals of the Regulation related to article 53 keyboard_arrow_up

(121) The general conditions for the member or members of the supervisory authority should be laid down by law in each Member State and should in particular provide that those members are to be appointed, by means of a transparent procedure, either by the parliament, government or the head of State of the Member State on the basis of a proposal from the government, a member of the government, the parliament or a chamber of the parliament, or by an independent body entrusted under Member State law. In order to ensure the independence of the supervisory authority, the member or members should act with integrity, refrain from any action that is incompatible with their duties and should not, during their term of office, engage in any incompatible occupation, whether gainful or not. The supervisory authority should have its own staff, chosen by the supervisory authority or an independent body established by Member State law, which should be subject to the exclusive direction of the member or members of the supervisory authority..

Show the recitals of the Directive related to article 53 keyboard_arrow_down Hide the recitals of the Directive related to article 53 keyboard_arrow_up

(62) Whereas the establishment in Member States of supervisory authorities, exercising their functions with complete independence, is an essential component of the protection of individuals with regard to the processing of personal data;

The GDPR

Article 53 sets out the general conditions of the status applicable to the members of the supervisory authority, in accordance with the case law of the CJEU (see CJEU, 9 March 2010, C-518/07), and on the basis also of article 42, paragraphs 2 to 6 of the Regulation (EC) No. 45/2001 on the processing of data carried out by the institutions and bodies of the European Union.

Initially, recital 121 recommended that the conditions applicable to the members are determined by the law of each Member State and that the appointment of members is made by the parliament or by the federal government.

The second proposed version of the Regulation has somewhat eased the principles established by the above-mentioned recital by providing that members of the supervisory authority may also be appointed by an independent body.

Thus, Article 53 in its first paragraph provides that the members of the supervisory authorities be appointed by means of a transparent procedure by either their parliament or government, by the head of their state or by an independent body entrusted with the appointment under Member State law (Art. 53 (1)).

According to the second paragraph, each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to perform its duties and exercise its powers.

Article 53 provides several guarantees of independence in favour of members of the national authority: first the duties of a member shall end in the event of the expiry of the term of office, or resignation or compulsory retirement  in accordance with the law of the Member State concerned (paragraph 3). The final version of the Regulation adds that a member shall be dismissed only in cases of serious misconduct or if the member no longer fulfils the conditions required for the performance of the duties (paragraph 4).

The Directive

The Directive does not say much about the status of the members of the supervisory authority. At most, Article 28 (7) of the Directive imposed to the Member States the obligation to provide that the members and staff of the supervisory authority, even after their employment has ended, are to be subject to a duty of professional secrecy with regard to confidential information to which they have access.

Potential issues

We do not see a priori any specific implementation difficulties.

Regulation
1e 2e

Art. 53

1.   Member States shall provide for each member of their supervisory authorities to be appointed by means of a transparent procedure by:

– their parliament

– their government;

– their head of State; or

– an independent body entrusted with the appointment under Member State law.

2.   Each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to perform its duties and exercise its powers.

3.   The duties of a member shall end in the event of the expiry of the term of office, resignation or compulsory retirement, in accordance with the law of the Member State concerned.

4.   A member shall be dismissed only in cases of serious misconduct or if the member no longer fulfils the conditions required for the performance of the duties.

1st proposal close

Art. 48

1.           Member States shall provide that the members of the supervisory authority must be appointed either by the parliament or the government of the Member State concerned.

2.           The members shall be chosen from persons whose independence is beyond doubt and whose experience and skills required to perform their duties notably in the area of protection of personal data are demonstrated.

3.           The duties of a member shall end in the event of the expiry of the term of office, resignation or compulsory retirement in accordance with paragraph 5.

4.           A member may be dismissed or deprived of the right to a pension or other benefits in its stead by the competent national court, if the member no longer fulfils the conditions required for the performance of the duties or is guilty of serious misconduct.

5.           Where the term of office expires or the member resigns, the member shall continue to exercise the duties until a new member is appointed.

2nd proposal close

Art. 48

1.Member States shall provide that the member or members of each supervisory authority must be appointed (...) by the parliament and/or the government or the head of State of the Member State concerned or by an independent body entrusted by Member State law with the appointment by means of a transparent procedure

2. The member or members shall have the qualifications, experience and skills required to perform their duties and exercise their powers.

3. The duties of a member shall end in the event of the expiry of the term of office, resignation or compulsory retirement in accordance with the law of the Member State concerned.

4. (...)

5. (…).

Directive close

Art. 28

(...)

7. Member States shall provide that the members and staff of the supervisory authority, even after their employment has ended, are to be subject to a duty of professional secrecy with regard to confidential information to which they have access.

The head of the Data Protection Authority

§ 20 DSG

(1) The head of the Data Protection Authority is appointed for a term of five years by the Federal President on the basis of a proposal by the Federal Government; re-appointment is permitted. The proposal is to be preceded by an advertisement for the position permitting general applications.

(2) The head of the Data Protection Authority must

  1. have completed a law degree,
  2. have the necessary personal and professional aptitude through prior education and appropriate professional experience in the matters to be handled by the Data Protection Authority,
  3. possess an excellent knowledge of Austrian data protection law, Union law and fundamental rights, and
  4. have at least five years of professional experience in the legal field.

(3) The following persons may not be appointed head of the Data Protection Authority:

  1. members of the Federal Government, state secretaries, members of a provincial government, members of the National Council, the Federal Council or any other general representative body or of the European Parliament, as well as members of the Ombudsman Board, and the president of the Court of Audit;
  2. persons who have held one of the positions listed in subpara. 1 in the last two years;
  3. persons who may not be elected to the National Council.

(4) The head of the Data Protection Authority shall be dismissed by the Federal President on the basis of a proposal by the Federal Government.​

(5) The deputy head of the Data Protection Authority is appointed for a term of five years by the Federal President on the basis of a proposal by the Federal Government in accordance with paras. 1 to 3. Para. 4 applies to the dismissal of the deputy.

 

Old law close

In force until May 25, 2018:


Organisation and Independence of the Data Protection Authority

§ 37 DSG 2000

(1) The head of the Data Protection Authority is independent and not bound by instructions in the exercise of his office.

(2) The Data Protection Authority is an administrative authority und human resource department. The Federal Finance Act shall provide for the necessary expenditures for staff and equipment. The officials of the Data Protection Authority shall be bound only by the instructions of the head. The head shall have the service prerogative over the officials of the Data Protection Authority.

(3) The Federal Chancellor can request information from the head of the Data Protection Authority about the operations of the authority. The head of the Data Protection Authority shall comply such requests only insofar as this does not compromise the independence of the supervisory authority as laid down in Article 28 paragraph 1 sub-paragraph 2 of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995, p. 31.

(4) The Data Protection Authority shall be heard before laws concerning essential issues of data protection and federal ordinances based on this federal law or which otherwise directly concerns important issues of data protection are enacted.

(5) The Data Protection Authority shall formulate until 31 March every year a report about its workings in the preceding calendar year, submit it to the Federal Chancellor and publish it in an appropriate manner. The report shall be submitted to the National Council and the Federal Council by the Federal Chancellor.

(6) Decisions of the Data Protection Authority of fundamental importance to the general public shall be published by the Data Protection Authority in a suitable manner while respecting official secrecy rules.

close