Artikkel 55
Competence

Offisielle tekster Retningslinjer
og beslutninger
Vurderinger
EU-regulering
Vurderinger
nasj. regulering
Vis forordningens fortaletekst relatert til art. 55 keyboard_arrow_down Skjul forordningens fortaletekst relatert til art. 55 keyboard_arrow_up

(122) The general conditions for the member or members of the supervisory authority should be laid down by law in each Member State and should in particular provide that those members are to be appointed, by means of a transparent procedure, either by the parliament, government or the head of State of the Member State on the basis of a proposal from the government, a member of the government, the parliament or a chamber of the parliament, or by an independent body entrusted under Member State law. In order to ensure the independence of the supervisory authority, the member or members should act with integrity, refrain from any action that is incompatible with their duties and should not, during their term of office, engage in any incompatible occupation, whether gainful or not. The supervisory authority should have its own staff, chosen by the supervisory authority or an independent body established by Member State law, which should be subject to the exclusive direction of the member or members of the supervisory authority.

Vis direktivets fortaletekst relatert til art. 55 keyboard_arrow_down Skjul direktivets fortaletekst relatert til art. 55 keyboard_arrow_up

(62) Whereas the establishment in Member States of supervisory authorities, exercising their functions with complete independence, is an essential component of the protection of individuals with regard to the processing of personal data;

GDPR

Article 55 begins by restating the rule contained in Article 28, paragraphs 1 and 3, of the Directive that each supervisory authority shall be competent for the performance of the tasks assigned and the exercise of the powers conferred on it.

In its first version, Article 55 of the draft Regulation also provides a new competence, that of lead authority when the controller or the processor is established in several Member States, in order to ensure uniform application ("single window").

This new competence of the lead supervisory authority is now subject to a specific provision in Article 56 and will therefore be discussed under that provision. It was already noted that Article 55 makes Article 56 inapplicable where the processing is carried out by public authorities or private bodies acting on the basis of article 6, paragraph 1, point (c) (i.e. when the processing is necessary for compliance with a legal obligation to which the controller is subject) or (e) (i.e. when the processing is necessary for the performance of a task in the public interest or in the exercise of public

authority which is vested to the controller). In this case, the supervisory authority of the Member State concerned remains responsible.

Finally, pursuant to the terms of paragraph 3 of Article 55, the courts acting in their judicial capacity are not subject to the competence of the supervisory authorities to supervise processing operations but they shall still apply the material rules relating to the data protection.

Direktivet

The question of the competence of the national supervisory authority was already addressed by Article 28, paragraphs 1 and 3, of the Directive. Accordingly, each supervisory authority shall have all the powers conferred on it in the territory of the relevant Member State, in order to ensure the compliance with the data protection rules of that territory.

Pursuant to this provision, each national authority is territorially competent to exercise its powers in accordance with the procedural law of the relevant Member State, whatever the national law applicable to the processing in question.

Utfordringer

We do not see  a priori  any specific implementation difficulties.

Forordning
1e 2e

Art. 55

1.   Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its own Member State.

2.   Where processing is carried out by public authorities or private bodies acting on the basis of point (c) or (e) of Article 6(1), the supervisory authority of the Member State concerned shall be competent. In such cases Article 56 does not apply.

3.   Supervisory authorities shall not be competent to supervise processing operations of courts acting in their judicial capacity.

1. forslag close

Art. 51

1.           Each supervisory authority shall exercise, on the territory of its own Member State, the powers conferred on it in accordance with this Regulation.

2.           Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union, and the controller or processor is established in more than one Member State, the supervisory authority of the main establishment of the controller or processor shall be competent for the supervision of the processing activities of the controller or the processor in all Member States, without prejudice to the provisions of Chapter VII of this Regulation.

3.           The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity.

2. forslag close

Art. 51

1. Each supervisory authority shall be competent to perform the tasks and exercise the powers conferred on it in accordance with this Regulation on the territory of its own Member State. (...)

2. Where the processing is carried out by public authorities or private bodies acting on the basis of points (c) or (e) of Article 6(1), the supervisory authority of the Member State concerned shall be competent. In such cases Article 51a does not apply.

3. Supervisory authorities shall not be competent to supervise processing operations of courts acting in their judicial capacity. (...).

Direktiv close

Art. 28

(…).

6. Each supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own Member State, the powers conferred on it in accordance with paragraph 3. Each authority may be requested to exercise its powers by an authority of another Member State.

(…).

Art. 55

Kompetanse

1. Hver tilsynsmyndighet skal ha kompetanse til å utføre de oppgaver og utøve den myndighet den gis i samsvar med denne forordning, på sin medlemsstats territorium.

2. Dersom behandlingen utføres av offentlige myndigheter eller private organer som handler på grunnlag av artikkel 6 nr. 1 bokstav c) eller e), er det tilsynsmyndighetene i den berørte medlemsstaten som skal ha kompetanse. I slike tilfeller får artikkel 56 ikke anvendelse.

3. Tilsynsmyndigheter skal ikke ha kompetanse til å føre tilsyn med domstolers behandlingsaktiviteter når disse handler innenfor rammen av sin domsmyndighet.

Gamle loven close

Pol. § 42 Datatilsynets organisering og oppgaver

Datatilsynet er et uavhengig forvaltningsorgan administrativt underordnet Kongen og departementet. Kongen og departementet kan ikke gi instruks om eller omgjøre Datatilsynets utøving av myndighet i enkelttilfeller etter loven.

Datatilsynet skal

1) føre en systematisk og offentlig fortegnelse over alle behandlinger som er innmeldt etter § 31 eller gitt konsesjon etter § 33, med opplysninger som nevnt i § 18 første ledd jf. § 23,

2) behandle søknader om konsesjoner, motta meldinger og vurdere om det skal gis pålegg der loven gir hjemmel for dette,

3) kontrollere at lover og forskrifter som gjelder for behandling av personopplysninger blir fulgt, og at feil eller mangler blir rettet,

4) holde seg orientert om og informere om den generelle nasjonale og internasjonale utviklingen i behandlingen av personopplysninger og om de problemer som knytter seg til slik behandling,

5) identifisere farer for personvernet, og gi råd om hvordan de kan unngås eller begrenses,

6) gi råd og veiledning i spørsmål om personvern og sikring av personopplysninger til dem som planlegger å behandle personopplysninger eller utvikle systemer for slik behandling,3 herunder bistå i utarbeidelsen av bransjevise atferdsnormer,

7) etter henvendelse eller av eget tiltak gi uttalelse i spørsmål om behandling av personopplysninger, og

8) gi Kongen årsmelding om sin virksomhet.

Datatilsynet ledes av en direktør som utnevnes av Kongen. Kongen kan bestemme at direktøren ansettes på åremål.Avgjørelser som Datatilsynet fatter i medhold av § 9, § 12, § 27, § 28, § 30, § 33, § 34, § 35, § 44, § 46 og § 47 kan påklages til Personvernnemnda.4 Avgjørelser som fattes i medhold av § 27 eller § 28 kan påklages videre til Kongen dersom avgjørelsen gjelder personopplysninger som behandles for historiske formål.

close