CJEU case C‑333/22 Ligue des droits humains (Verification by the supervisory authority of data processing) – CJEU Judgment (European Union, 2023)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice ruled on a case involving a person who was denied security clearance due to their participation in protests. The court decided that the person had a right to access their personal data held by the National Security Authority. This ruling is significant because it reinforces individuals' rights to know what personal data is held about them.
What happened
The Court ruled that a person denied security clearance has the right to access their personal data held by the National Security Authority.
Who was affected
A person who applied for security clearance and was denied due to their past activities was affected.
What the authority found
The Court held that individuals have the right to access their personal data under the Law Enforcement Directive.
Why this matters
This decision strengthens the rights of individuals regarding access to their personal data. It encourages transparency and accountability from authorities, which is essential for protecting personal freedoms.
In 2016 a data subject sought security clearance from the National Security Authority ("NSA") to participate in an event. The clearance was refused because of the personal data they held on the data subject. According to this data, the data subject had participated in 10 demonstrations between 2007 and 2016 which prevented him from being granted clearance. This fact was not disputed by the data subject. As required by Article 17 Directive 2016/680 (the "Law Enforcement Directive" or "LED"), as implemented by Article 42 of the Belgian implementation law, the data subject requested the Supervisory Body for Police Information ("OCIP" or "Supervisory Authority") to provide access to all the personal data the NSA held on him so that he could exercise his rights as a data subject. In reply, OCIP responded that the data subject only has an indirect right of access to that data and that OCIP itself would verify the lawfulness of its processing by the NSA. Having carried out the necessary checks, and in a narrow application of Article 17(3) LED,Directive (EU) 2016/680, the data protection law enforcement directive (LED), ensures the protection of personal data of individuals involved in criminal proceedings, be it as witnesses, victims or suspects. the OCIP informed the data subject that if necessary, the personal data had been amended or erased' from the police data banks.' This response did not give the data subject enough information to understand OCIP's decision. The data subject (in conjunction with Ligues des droits humains) filed an appeal before the Brussels First Instance Court. They asked, firstly, if the LED precluded national legislation to allow for judicial remedies against the decisions taken by the OCIP. Secondly, they asked for access to all the data subject’s personal data and the identification of the controllers and any recipients of the data. Lastly, they asked if national legislation could derogate from the right of access and allow the OCIP to merely s
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for CJEU case C‑333/22 Ligue des droits humains (Verification by the supervisory authority of data processing) in EU
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
16 November 2023
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-6543About this data
Cite as: Cookie Fines. CJEU case C‑333/22 Ligue des droits humains (Verification by the supervisory authority of data processing) - European Union (2023). Retrieved from cookiefines.eu
Last updated: