EDPB vs administrative law: Reading the EDPB’s Pseudonymisation Guidelines once more (for the public consultation), the question of “why?” keeps repeating in my mind. Why use certain wording, why publish the Guidelines now? The list of CJEU judgments the Guidelines contradict is long already (Breyer, Scania, IAB Europe), and now the Advocate General’s Opinion in SRB – if followed by the CJEU – could be an additional nail in the coffin of the Guidelines.
It seems like an appropriate moment to highlight some of the general principles applicable to EU administrative procedural law. Principles such as the principle of legality (Article 52(1) the EU Charter of Fundamental Rights) or the principle of legal certainty (“which requires that legal rules be clear and precise, and aims to ensure that situations and legal relationships governed by [EU] law remain foreseeable” – CJEU, C-199/03). Or the principle of impartiality, which is part of the principle of good administration (Article 41 of the EU Charter of Fundamental Rights).
Sure, the EDPB might be sticking up for one of its members, the European Data Protection Supervisor, which is a party to the SRB case before the CJEU. But making the EDPS’s position the EDPB’s own, in the middle of a high-profile case before the CJEU, is not exactly suggestive of impartiality (especially when the arguments on the opposite side – which are supported by *three* CJEU cases, by a judgment of the General Court of the EU [SRB v EDPS] and now also by the Advocate General’s Opinion in the appeal case itself, EDPS v SRB – are not even given proper consideration in the Guidelines).
But administrative law rules don’t apply to EDPB Guidelines”, some might claim. Perhaps, but then we have to recognise that those Guidelines are of no legal value.
Either they have a certain degree of authority, in which case administrative law principles apply, or they are just a piece of paper to be ignored.
Unfortunately, so far there have been a few instances of case law being influenced by Guidelines (notably case C-252/21 – AG Santos’s Opinion in particular illustrates this perfectly, through wrong CJEU citations and reliance on the Online Services Guidelines).
EU Institutions should favour caution over partiality in any publications, and that is true also of the EDPB.
Using Guidelines to promote a specific view while a case is pending involving one of the EDPB’s members? Perhaps not the most cautious approach.
So reach out if you need a hand with comments to the EDPB on the Pseudonymisation Guidelines!
Read my post highlighting some issues with the EDPB’s Guidelines: https://lnkd.in/dBqErWhe
And my analysis of the Advocate General’s Opinion in the EDPS v SRB case: https://lnkd.in/dSnd8czZ
Data protection GDPR privacy
Did this analysis get you thinking? Reach out!
DataLaws.net is entirely open-access, and instead of getting your data in exchange for this content, how about another trade? If this commentary saved you research time or sparked an idea, feel free to invite me over for tea, chai or a hot chocolate next time you are around Brussels or Antwerp - or invite me over to your offices for a chat!
Get in touch ↗ Let's connect on LinkedIn ↗