GBA – Court Ruling (Belgium, 2020)

After ceasing her notary activity, the applicant engaged in a liquidation dispute with her former business partner and their accounting office. This dispute arose as the accounting office (1) failed to fulfill several ethical obligations and (2) transferred files containing personal data about the applicant to the former partner (without the applicant’s consent). The Litigation Chamber of the Data Protection Authority declared the applicant’s complaint admissible, but dismissed it for the following opportunity reasons: * the complaint did not contain any grievances that a have a “broad social impact”; * another complaint was pending with the competent authority with regard to the ethical and professional mistakes ; * taking into account the resources available, the DPA should make choices regarding the type of files it will follow up on grants. The applicant subsequently appealed to the Market Court of the Brussels Court of Appeal against the aforementioned dismissal decision of the DPA. Should Article 57.1, f) GDPR be read as such that supervisory authorities may not dismiss complaints but should instead review the full substance of the allegations in each complaint? In other words, does the data subjects' right to lodge a complaint under Article 77 GDPR equals the right to claim a full substantive investigation and a full substantive assessment by the supervisory authority? Article 57 GDPR provides that the supervisory authority must "examine the content of the complaint" only "to the extent that is appropriate". There is therefore no absolute obligation but a discretionary power for the supervisory authority to make a full substantive investigation and a full substantive assessment of the complaint. If the supervisory authority considers that a treatment of the case on substantive merits is not appropriate (due to policy considerations, for example), it is authorized to dismiss the complaint. The option to dismiss is indeed one of the consequences that can