Overview
This article ensures that if a court in one Member State becomes aware of proceedings regarding the same subject matter and involving the same controller or processor pending in another Member State, it must confirm the existence of those proceedings. Courts may suspend their proceedings or decline jurisdiction to avoid duplicate litigation and ensure efficient resolution.
Key Principles
Judicial Coordination: Prevents conflicting or duplicate proceedings across Member States.
Efficiency: Promotes streamlined legal processes and avoids unnecessary litigation.
Confirmation Requirement: Courts must verify the existence of parallel proceedings.
Jurisdiction Management: Courts may suspend proceedings or decline jurisdiction based on findings.
Protection of Rights: Ensures data subjects’ rights are effectively addressed without conflicting judgments.
Organizational Applicability
This article applies to:
Courts in EU Member States adjudicating GDPR-related cases.
Controllers and processors involved in cross-border legal proceedings.
Supervisory authorities coordinating with courts to ensure compliance and consistency.
Legal and compliance teams managing cross-border regulatory risks.
Implementation Requirements
Establish procedures for courts to confirm parallel proceedings in other Member States.
Suspend or decline jurisdiction where appropriate to avoid duplicate litigation.
Document decisions and notifications related to suspension or jurisdiction management.
Coordinate with supervisory authorities to maintain consistent GDPR enforcement.
Implementation Guidance
Maintain a registry or mechanism for tracking cross-border GDPR proceedings.
Train legal staff on recognizing and handling potential duplicate cases.
Develop communication protocols between courts and supervisory authorities.
Periodically review procedures to ensure effective coordination and compliance.
Periodic Review
Frequency: Annually or when new cross-border cases or procedural changes occur.
Responsible Role: Courts, Legal Departments, and Supervisory Authorities.
Outcome: Ensure proceedings are coordinated, efficient, and avoid duplication while protecting data subject rights.
Non-Compliance Risks
Fines: Up to €20 million or 4% of global annual turnover for supervised entities failing GDPR obligations.
Legal Exposure: Conflicting judgments or unresolved cross-border disputes.
Reputational Damage: Loss of confidence in courts’ ability to manage GDPR proceedings effectively.
Operational Risk: Duplicate litigation may delay remedies and create inefficiencies in GDPR enforcement.