Land Nordrhein-Westfalen – CJEU Judgment (Austria, 2020)

D.-H.T acting as the insolvency administrator of J & S Service (‘data subject’) requested certain tax information about the data subject from the German local tax authorities (‘data controller’). The German Abgabenordnung (‘Tax Code’) extends the application of the GDPR to legal persons, not just natural persons. However, the data controller refused D.-H.T’s request for information, relying on Article 23(1)(e)&(j) GDPR and Paragraph 32 German Tax Code. D.-H.T successfully challenged this refusal at the German Administrative Court. The data controller lodged an appeal to the Higher Administrative Court which affirmed the judgment of the court of first instance, holding that because D.-H.T (a company) was the insolvency administrator of the data subject (another company), it could therefore exercise all access rights of the data subject. It also reasoned that the data subject's right to access information was not limited by any specific legislation on tax secrecy. The dissatisfied data controller lodged a further appeal against this decision to the German Federal Administrative Court which then requested a preliminary ruling from the CJEU on interpretation of Article 23(1)(j) GDPR. The Advocate General found that the CJEU lacked jurisdiction to give a preliminary ruling because the scope of the relevant provision of the German Tax Code which sought to protect information of legal persons was materially different from the scope of the GDPR which protects the personal data of natural persons. On the merits, he found that the limitation in Article 23(1)(j) GDPR applies to the enforcement of civil law claims pursued by both private persons and public bodies. He also found that this limitation in Article 23(1)(j) GDPR includes the defence against civil law claims and does not depend on the condition that a civil law claim must first be established. The CJEU emphasized that the GDPR’s main aim is to protect the fundamental right of natural persons with respect to the