Abstract
Directive 2016/680 provides for two procedures for the exercise of the rights of access to one's data: a direct one (that is, directly against the law enforcement authority) and an ‘indirect’ one, in which the responsible Data Protection Authority (DPA) exercises the right of access of the data subject against the law enforcement authority which refused the direct access, including by carrying out a legality check on the data processing of the personal data of the individual requesting access. The recent judgment in Ligue des droits humains ASBL treated the question of the powers of DPAs in the framework of this procedure, amongst others, as a matter of DPA independence. Existing literature has observed that the implementing laws of three Member States – Belgium, France and Germany – severely restrict the powers of the DPAs when these perform the ‘indirect’ right of access, for example to carry out the legality check and inform the individuals of the results of the check. In the this article we will argue that these national restrictions constitute an unjustified interference with the requirement on DPA independence in EU data protection law, including in Article 8(3) of the EU Charter of Fundamental Rights.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Maastricht Journal of European and Comparative Law
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
