CASE LAW Update: The Court of Justice of the EU Clarifies Controller Obligations in GDPR

  • CJEU has just delivered its ruling in Case C-60/22 on GDPR compliance. The court clarified that a breach by a controller of the obligations laid down in Articles 26 and 30 GDPR does not in itself confer on the data subject a right to erasure or to restriction of processing.

  • The controller is not in breach of the principle of ‘accountability’ within the meaning of Article 5(2) of the GDPR. However, the court also noted that a data subject’s consent is not a precondition for the lawfulness of the examination of that data by a national court, where the controller has not complied with its obligations under Articles 26 or 30 GDPR.