In the European Union, compliance with data protection requirements is overseen by public authorities (ie data protection authorities or DPAs), who ‘shall act with complete independence in exercising the functions entrusted to them’.1 Given the growing number of countries around the world that have adopted data protection legislation based on the EU model, the requirement of having an independent data protection authority has spread to other regions as well. This requirement has recently been reinforced by the judgment of the European Court of Justice (ECJ) in the case Commission v Germany,2 where the Court found that the DPAs of the German federal states (Länder) were structured so as to be subject to governmental oversight, and that Germany had thus failed to properly implement Article 28(1) of the EU Data Protection Directive.
|Number of pages||2|
|Journal||International Data Privacy Law|
|Publication status||Published - 14 Nov 2011|