Data protection case law Court of Justice

Right to an effective judicial remedy against a controller or processor

Home > General data protection law > Chapter VIII - Remedies, liability and penalties > Right to an effective judicial remedy against a controller or processor
5 pending referrals

Referral C-655/23 (Quirin Privatbank, 7 Nov 2023)


Referral C-563/23 (Natsionalnata agentsia za prihodite, 12 Sep 2023)


Referral C-332/23 (Inspektorat kam Visshia sadeben savet, 25 May 2023)


Referral C-21/23 (Lindenapotheke, 19 Jan 2023)


Referral C-456/22 (Gemeinde Ummendorf, 8 Jul 2022)


2 preliminary rulings

of 12 Jan 2023, C-132/21 (Nemzeti Adatvédelmi és Információszabadság Hatóság)

Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), read in the light of Article 47 of the Charter of Fundamental Rights of the European Union,must be interpreted as permitting the remedies provided for in Article 77(1) and Article 78(1) of that regulation, on the one hand, and Article 79(1) thereof, on the other, to be exercised concurrently with and independently of each other. It is for the Member States, in accordance with the principle of procedural autonomy, to lay down detailed rules as regards the relationship between those remedies in order to ensure the effective protection of the rights guaranteed by that regulation and the consistent and homogeneous application of its provisions, as well as the right to an effective remedy before a court or tribunal as referred to in Article 47 of the Charter of Fundamental Rights.

Judgment of 7 May 2009, C-553/07 (Rijkeboer)

Article 12(a) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data requires Member States to ensure a right of access to information on the recipients or categories of recipient of personal data and on the content of the data disclosed not only in respect of the present but also in respect of the past. It is for Member States to fix a time-limit for storage of that information and to provide for access to that information which constitutes a fair balance between, on the one hand, the interest of the data subject in protecting his privacy, in particular by way of his rights to object and to bring legal proceedings and, on the other, the burden which the obligation to store that information represents for the controller.Rules limiting the storage of information on the recipients or categories of recipient of personal data and on the content of the data disclosed to a period of one year and correspondingly limiting access to that information, while basic data is stored for a much longer period, do not constitute a fair balance of the interest and obligation at issue, unless it can be shown that longer storage of that information would constitute an excessive burden on the controller. It is, however, for national courts to make the determinations necessary.

Disclaimer