Court case 3-19-579 – Court Ruling (Estonia, 2019)

The complainant made a submission to the Estonian DPA, which the DPA interpreted as a request for information and not as a complaint in terms of Article 77(1) GDPR. The complainant, however, expected the submission to be processed as a complaint within the meaning of Article 77(1) GDPR. The issue was mainly to know the margin of discretion within which the AKI assesses the complaints submitted and to what extend the administrative judge can review it. The court found that the complainant's submission to the DPA clearly requested DPA assistance in preventing unlawful use of the complainant's personal data and interpreting it merely as a request for information was not justified. The court emphasized that the intent of a submission must be considered by the DPA and that a more convenient process cannot be selected merely because a complaint is vaguely formulated or the content briefly stated. The court further noted that a complainant does not need to outline which data protection measures they expect the DPA to undertake, nor do they even need to understand what are the measures available to the DPA - rather, the DPA must evaluate the substance of a complaint and decide for itself which measures are appropriate and accompany any refusal to process a complaint with the required justification. The decision references Article 77(1) GDPR and Estonian Data Protection Act §28 p 1.