In its judgment published today, the European Court of Justice held that the operator of an online marketplace is responsible for the processing of personal data contained in advertisements published on its platform. The operator must identify, before publication, advertisements that contain sensitive data and verify that the advertiser is actually the person whose data appears in such an advertisement or that the advertiser has the explicit consent of that person.
Section 2a (5) no. 2 of the German Fiscal Code states that the provisions of the General Data Protection Regulation (GDPR) apply accordingly to information relating to identified or identifiable corporations. The GDPR does not contain a right to the inspection of files, the Supreme Tax Court said in a most recent decision.
The access to tax files after the taxation proceedings have been carried out is not permitted if the taxpayer wishes to pursue non-tax-related purposes, such as the examination of a claim for damages against the tax advisor. In its decision the Supreme Tax Court noted that this does not affect the right to information on the processing of personal data in accordance with the General Data Protection Regulation.
The Cologne Higher Regional Court decided on 3 May 2023 that a former chairman of the board of a registered association has no right to have his personal data deleted from the Associations Register.
In a Belgian case, the European Court of Justice clarified the term "personal data" and the conditions under which a sectoral organization, insofar as it provides its members with a framework of rules on consent to the processing of personal data, is to be classified as a "joint controller"’ within the meaning of the General Data Protection Regulation (GDPR). The ECJ also comments on the limits of the joint and several liability of such an organization.
In two judgments the European Court of Justice (ECJ) clarified the conditions under which national supervisory authorities may impose an administrative fine following an infringement of the General Data Protection Regulation. In particular, it held that the imposition of such a fine requires that there be wrongful conduct; in other words, that the infringement has been committed intentionally or negligently.
The action brought by Meta Platforms Ireland (Facebook group) against a request from the EU-Commission for release of documents identified by means of search terms or by way of specific keywords was dismissed by the European General Court.
In its judgement of 16 January 2019, the European Court of Justice (ECJ) held that the information required by the customs authorities from legal persons applying for authorised economic status (AEO) under the Union Customs Code - in particular the tax identification numbers and the name of the responsible tax offices of certain employees of the applicant – was lawful within the ambit of Directive 95/46/EC and Regulation (EU) 2016/679 governing the protection of individuals with regard to the processing of personal data and on the free movement of such data.
