Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (Germany) – Court Ruling (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that a job center did not need to reinstate its dismissed Data Protection Officer (DPO) because it had already appointed a new one. The court found that the data protection authority overstepped by trying to enforce the reinstatement.
What happened
The Job Centre of Diepholz dismissed its Data Protection Officer and was ordered to reinstate them, but the court found this order unnecessary.
Who was affected
The Job Centre of Diepholz and its dismissed Data Protection Officer.
What the authority found
The court decided that the data protection authority could not force the job center to reinstate the dismissed DPO because appointing or dismissing a DPO is not considered data processing.
Why this matters
This ruling clarifies that data protection authorities cannot mandate the rehiring of DPOs, emphasizing the limits of their enforcement powers. Organizations should understand their rights and obligations when appointing or dismissing DPOs.
GDPR Articles Cited
The Job Centre of Diepholz (controller) dismissed its Data Protection Officer (DPO). The German Federal Data Protection Authority (BfDI - Bundesbeauftragter für den Datenschutz und die Informationsfreiheit) issued an immediately enforceable order against the Job Centre under Article 58(2)(d) GDPR to bring its processing into compliance with the GDPR and re-designate the dismissed DPO. The controller applied for interim relief before the Administrative Court of Köln (VG Köln - Verwaltungsgericht Köln) against this order. The VG Köln held that there was no necessity for the BfDI to make the order immediately enforceable because the controller had already designated a new DPO. Furthermore, the court concluded that Article 58(2)(d) GDPR does not empower the DPA to order the controller to re-designate its dismissed DPO, because neither designating nor dismissing a DPO constitutes processing according to Article 4(2) GDPR
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (Germany) in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (Germany) - Germany (2021). Retrieved from cookiefines.eu
Last updated: