Article 59
Activity reports

Official
Texts
Guidelines Caselaw Review of
EU Regulation
Review of
Nat. Regulation
Show the recitals of the Regulation related to article 59 keyboard_arrow_down Hide the recitals of the Regulation related to article 59 keyboard_arrow_up

(129) In order to ensure consistent monitoring and enforcement of this Regulation throughout the Union, the supervisory authorities should have in each Member State the same tasks and effective powers, including powers of investigation, corrective powers and sanctions, and authorisation and advisory powers, in particular in cases of complaints from natural persons, and without prejudice to the powers of prosecutorial authorities under Member State law, to bring infringements of this Regulation to the attention of the judicial authorities and engage in legal proceedings. Such powers should also include the power to impose a temporary or definitive limitation, including a ban, on processing. Member States may specify other tasks related to the protection of personal data under this Regulation. The powers of supervisory authorities should be exercised in accordance with appropriate procedural safeguards set out in Union and Member State law, impartially, fairly and within a reasonable time. In particular each measure should be appropriate, necessary and proportionate in view of ensuring compliance with this Regulation, taking into account the circumstances of each individual case, respect the right of every person to be heard before any individual measure which would affect him or her adversely is taken and avoid superfluous costs and excessive inconveniences for the persons concerned. Investigatory powers as regards access to premises should be exercised in accordance with specific requirements in Member State procedural law, such as the requirement to obtain a prior judicial authorisation. Each legally binding measure of the supervisory authority should be in writing, be clear and unambiguous, indicate the supervisory authority which has issued the measure, the date of issue of the measure, bear the signature of the head, or a member of the supervisory authority authorised by him or her, give the reasons for the measure, and refer to the right of an effective remedy. This should not preclude additional requirements pursuant to Member State procedural law. The adoption of a legally binding decision implies that it may give rise to judicial review in the Member State of the supervisory authority that adopted the decision.

Show the recitals of the Directive related to article 59 keyboard_arrow_down Hide the recitals of the Directive related to article 59 keyboard_arrow_up

(63) Whereas such authorities must have the necessary means to perform their duties, including powers of investigation and intervention, particularly in cases of complaints from individuals, and powers to engage in legal proceedings; whereas such authorities must help to ensure transparency of processing in the Member States within whose jurisdiction they fall;

The GDPR

Article 59 of the Regulation confirms the obligation for each supervisory authority to prepare an annual report and to transmit it to the national parliament, the government and other authorities designated by the national legislation. The report shall be made available to the public, to the Commission and to the European Data Protection Board.

The final version of the Regulation states that the report may include a list of types of infringement notified and types of measures taken in accordance with the powers vested in the supervisory authorities by Article 58 (2).

The Directive

The Directive already provided that an activity report be provided at regular intervals by the supervisory authorities (Article 28 of the Directive).

Potential issues

We do not see a priori any difficulties with this provision, which merely confirms an existing practice in most Member States.

Retour au sommaire
Regulation
1e 2e

Art. 59

Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement notified and types of measures taken in accordance with Article 58(2). Those reports shall be transmitted to the national parliament, the government and other authorities as designated by Member State law. They shall be made available to the public, to the Commission and to the Board.

1st proposal close

Art. 54

Each supervisory authority must draw up an annual report on its activities. The report shall be presented to the national parliament and shall be made be available to the public, the Commission and the European Data Protection Board.

2nd proposal close

Art. 54

Each supervisory authority shall draw up an annual report of its activities. The report shall be transmitted to the national Parliament, the government and other authorities as designated by national law. It shall be made available to the public, the European Commission and the European Data Protection Board.

Directive close

Art. 28

(….).

5. Each supervisory authority shall draw up a report on its activities at regular intervals. The report shall be made public.

(….).

Personal Data Protection Act

Article 7.

[…]

(6) (Last Amendment, SG No. 103/2005) The Commission submits an annual report on its activities to the National Assembly before January, 31st every year.

[...]

Article 10. (Last Amendment - SG No. 105/2011, in force as of 29.12.2011)

[…]

(3) (Last Amendment, SG No. 91/2006) The Commission issues a bulletin where it publishes information about its activities and decisions taken. The bulletin also contains the report referred to in Art. 7, Para 6.

Austria close

In force until May 25, 2018:


Organisation and Independence of the Data Protection Authority

§ 37 DSG 2000

(1) The head of the Data Protection Authority is independent and not bound by instructions in the exercise of his office.

(2) The Data Protection Authority is an administrative authority und human resource department. The Federal Finance Act shall provide for the necessary expenditures for staff and equipment. The officials of the Data Protection Authority shall be bound only by the instructions of the head. The head shall have the service prerogative over the officials of the Data Protection Authority.

(3) The Federal Chancellor can request information from the head of the Data Protection Authority about the operations of the authority. The head of the Data Protection Authority shall comply such requests only insofar as this does not compromise the independence of the supervisory authority as laid down in Article 28 paragraph 1 sub-paragraph 2 of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995, p. 31.

(4) The Data Protection Authority shall be heard before laws concerning essential issues of data protection and federal ordinances based on this federal law or which otherwise directly concerns important issues of data protection are enacted.

(5) The Data Protection Authority shall formulate until 31 March every year a report about its workings in the preceding calendar year, submit it to the Federal Chancellor and publish it in an appropriate manner. The report shall be submitted to the National Council and the Federal Council by the Federal Chancellor.

(6) Decisions of the Data Protection Authority of fundamental importance to the general public shall be published by the Data Protection Authority in a suitable manner while respecting official secrecy rules.

close