About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

2 Int'l Data Priv. L. 1 (2012)

handle is hein.journals/intldatpc2 and id is 1 raw text is: International Data Privacy Law, 2012, Vol. 2, No. 1 The intricacies of independence Christopher Kuner*, Fred H. Cate**, Christopher Millard**, and Dan Jerker B. Svantesson*** In the European Union, compliance with data protec- tion requirements is overseen by public authorities (ie data protection authorities or DPAs), who 'shall act with complete independence in exercising the functions entrusted to them'.' Given the growing number of countries around the world that have adopted data protection legislation based on the EU model, the requirement of having an independent data protection authority has spread to other regions as well. This requirement has recently been reinforced by the judg- ment of the European Court of Justice (ECJ) in the case Commission v Germany,2 where the Court found that the DPAs of the German federal states (Lander) were structured so as to be subject to governmental oversight, and that Germany had thus failed to properly implement Article 28(1) of the EU Data Protection Directive. These developments lead to reflection on the concept of 'independence'. As the ECJ found, the basis for re- quiring independence is that it helps ensure the effect- iveness and reliability of supervision by allowing the authorities to carry out their tasks free from external in- fluence.3 The experience in Europe shows the need for such regulatory independence, given that governments sometimes have sought to influence the work of the data protection authorities (one such example is the res- ignation en masse of the entire Greek Data Protection Commission in 2007 for alleged political interference). However, the issue of independence is more complex than it may seem at first glance. While independence is indeed an indispensable requirement for the work of DPAs, complete and total independence is never pos- sible, or even desirable, on the part of any public authority. Principles of accountability and transparency * Editor-in-Chief ** Editor ***Managing Editor 1 EU Directive 95/46/EC, Article 28(1). 2 Case C-518/07 [2010] ECR 1-0000. 3 Ibid. para. 25. 4 See European Union Agency for Fundamental Rights, 'Data Protection in the European Union: the Role of National Data Protection Authorities' (2010), <http://fra.europa.eu/fraWebsite/attachments/Data-protectionen. require that a supervisory authority be answerable for its actions (eg through the possibility of judicial review), and that it be subject to controls in order to ensure its integrity. There are also different types of independence. The ECJ decision concentrates on legal independence, that is how the DPAs are set up and structured so as to be free of undue governmental influence. However, just as important is independence in terms of financial and personnel resources. Indeed, many European data pro- tection commissioners complain that they have insuffi- cient resources to do their jobs properly (a view supported by a recent study of the European Agency for Fundamental Rights).4 Indeed, one European DPA even had to shut down its operations for several months toward the end of 2010 because it had com- pletely run out of funds. Some European governments have used structural independence as a 'poisoned chalice, freeing their DPAs from being part of govern- ment ministries but also making it clear that from that point the DPA is required to provide for its own budget. It is therefore welcome that the European Commission has taken a broad view of the concept of independence of the DPAs in its current review of the EU data protection framework.5 Independence may also be viewed differently in dif- ferent legal cultures. For instance, one non-EU DPA has stated privately that in its country, being part of a government ministry gives it more 'clout' and results in it being taken more seriously than if it were set up as a free-standing, independent regulatory authority. It may therefore be necessary to consider the complete legal and political structure of a country before determining whether its data protection regulator is independent. pdf>, at 42, accessed 19 October 2011, finding that eleven out of twenty- seven national data protection authorities in the EU Member States were unable to carry out the entirety of their tasks because of a lack of financial and human resources. 5 See European Commission, Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, 'A comprehensive approach on personal data protection in the European Union, COM(2010) 609 final, 4 November 2010, at 17. C The Author 2011. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com 1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most