Article 59
Activity reports

Official
Texts
Guidelines Caselaw Review of
EU Regulation
Review of
Nat. Regulation
Show the recitals of the Regulation related to article 59 keyboard_arrow_down Hide the recitals of the Regulation related to article 59 keyboard_arrow_up

(129) In order to ensure consistent monitoring and enforcement of this Regulation throughout the Union, the supervisory authorities should have in each Member State the same tasks and effective powers, including powers of investigation, corrective powers and sanctions, and authorisation and advisory powers, in particular in cases of complaints from natural persons, and without prejudice to the powers of prosecutorial authorities under Member State law, to bring infringements of this Regulation to the attention of the judicial authorities and engage in legal proceedings. Such powers should also include the power to impose a temporary or definitive limitation, including a ban, on processing. Member States may specify other tasks related to the protection of personal data under this Regulation. The powers of supervisory authorities should be exercised in accordance with appropriate procedural safeguards set out in Union and Member State law, impartially, fairly and within a reasonable time. In particular each measure should be appropriate, necessary and proportionate in view of ensuring compliance with this Regulation, taking into account the circumstances of each individual case, respect the right of every person to be heard before any individual measure which would affect him or her adversely is taken and avoid superfluous costs and excessive inconveniences for the persons concerned. Investigatory powers as regards access to premises should be exercised in accordance with specific requirements in Member State procedural law, such as the requirement to obtain a prior judicial authorisation. Each legally binding measure of the supervisory authority should be in writing, be clear and unambiguous, indicate the supervisory authority which has issued the measure, the date of issue of the measure, bear the signature of the head, or a member of the supervisory authority authorised by him or her, give the reasons for the measure, and refer to the right of an effective remedy. This should not preclude additional requirements pursuant to Member State procedural law. The adoption of a legally binding decision implies that it may give rise to judicial review in the Member State of the supervisory authority that adopted the decision.

Show the recitals of the Directive related to article 59 keyboard_arrow_down Hide the recitals of the Directive related to article 59 keyboard_arrow_up

(63) Whereas such authorities must have the necessary means to perform their duties, including powers of investigation and intervention, particularly in cases of complaints from individuals, and powers to engage in legal proceedings; whereas such authorities must help to ensure transparency of processing in the Member States within whose jurisdiction they fall;

The GDPR

Article 59 of the Regulation confirms the obligation for each supervisory authority to prepare an annual report and to transmit it to the national parliament, the government and other authorities designated by the national legislation. The report shall be made available to the public, to the Commission and to the European Data Protection Board.

The final version of the Regulation states that the report may include a list of types of infringement notified and types of measures taken in accordance with the powers vested in the supervisory authorities by Article 58 (2).

The Directive

The Directive already provided that an activity report be provided at regular intervals by the supervisory authorities (Article 28 of the Directive).

Potential issues

We do not see a priori any difficulties with this provision, which merely confirms an existing practice in most Member States.

Retour au sommaire
Regulation
1e 2e

Art. 59

Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2). Those reports shall be transmitted to the national parliament, the government and other authorities as designated by Member State law. They shall be made available to the public, to the Commission and to the Board.

1st proposal close

Art. 54

Each supervisory authority must draw up an annual report on its activities. The report shall be presented to the national parliament and shall be made be available to the public, the Commission and the European Data Protection Board.

2nd proposal close

Art. 54

Each supervisory authority shall draw up an annual report of its activities. The report shall be transmitted to the national Parliament, the government and other authorities as designated by national law. It shall be made available to the public, the European Commission and the European Data Protection Board.

Directive close

Art. 28

(….).

5. Each supervisory authority shall draw up a report on its activities at regular intervals. The report shall be made public.

(….).

Personal Data Protection Act

Article 7.

[…]

(6) (Last Amendment, SG No. 103/2005) The Commission submits an annual report on its activities to the National Assembly before January, 31st every year.

[...]

Article 10. (Last Amendment - SG No. 105/2011, in force as of 29.12.2011)

[…]

(3) (Last Amendment, SG No. 91/2006) The Commission issues a bulletin where it publishes information about its activities and decisions taken. The bulletin also contains the report referred to in Art. 7, Para 6.

Norway close

Pol. § 42 Datatilsynets organisering og oppgaver

Datatilsynet er et uavhengig forvaltningsorgan administrativt underordnet Kongen og departementet. Kongen og departementet kan ikke gi instruks om eller omgjøre Datatilsynets utøving av myndighet i enkelttilfeller etter loven.

Datatilsynet skal

1) føre en systematisk og offentlig fortegnelse over alle behandlinger som er innmeldt etter § 31 eller gitt konsesjon etter § 33, med opplysninger som nevnt i § 18 første ledd jf. § 23,

2) behandle søknader om konsesjoner, motta meldinger og vurdere om det skal gis pålegg der loven gir hjemmel for dette,

3) kontrollere at lover og forskrifter som gjelder for behandling av personopplysninger blir fulgt, og at feil eller mangler blir rettet,

4) holde seg orientert om og informere om den generelle nasjonale og internasjonale utviklingen i behandlingen av personopplysninger og om de problemer som knytter seg til slik behandling,

5) identifisere farer for personvernet, og gi råd om hvordan de kan unngås eller begrenses,

6) gi råd og veiledning i spørsmål om personvern og sikring av personopplysninger til dem som planlegger å behandle personopplysninger eller utvikle systemer for slik behandling,3 herunder bistå i utarbeidelsen av bransjevise atferdsnormer,

7) etter henvendelse eller av eget tiltak gi uttalelse i spørsmål om behandling av personopplysninger, og

8) gi Kongen årsmelding om sin virksomhet.

Datatilsynet ledes av en direktør som utnevnes av Kongen. Kongen kan bestemme at direktøren ansettes på åremål.Avgjørelser som Datatilsynet fatter i medhold av § 9, § 12, § 27, § 28, § 30, § 33, § 34, § 35, § 44, § 46 og § 47 kan påklages til Personvernnemnda.4 Avgjørelser som fattes i medhold av § 27 eller § 28 kan påklages videre til Kongen dersom avgjørelsen gjelder personopplysninger som behandles for historiske formål.

close