CASE LAW Update: The Court of Justice of the EU Clarifies Controller Obligations in GDPR
CJEU has just delivered its ruling in Case C-60/22 on GDPR compliance. The court clarified that a breach by a controller of the obligations laid down in Articles 26 and 30 GDPR does not in itself confer on the data subject a right to erasure or to restriction of processing.
The controller is not in breach of the principle of ‘accountability’ within the meaning of Article 5(2) of the GDPR. However, the court also noted that a data subject’s consent is not a precondition for the lawfulness of the examination of that data by a national court, where the controller has not complied with its obligations under Articles 26 or 30 GDPR.