- Query in any language with multilingual search
- Access EUR-Lex and EU Commission case law
- See relevant paragraphs highlighted instantly
Similar Documents
Explore similar documents to your case.We Found Similar Cases for You
Case C-200/23, Agentsia po vpisvaniyata: Judgment of the Court (First Chamber) of 4 October 2024 (request for a preliminary ruling from the Varhoven administrativen sad – Bulgaria) – Agentsia po vpisvaniyata v OL (Reference for a preliminary ruling – Protection of natural persons with regard to the processing of personal data – Regulation (EU) 2016/679 – Publication in the commercial register of a company’s constitutive instrument containing personal data – Directive (EU) 2017/1132 – Non-compulsory personal data – Lack of consent of the data subject – Right to erasure – Non-material damage)
ECLI:EU:UNKNOWN:62023CA0200
62023CA0200
With us you find everything. Try it now!
I imagine what I want to write in my case, I write it in the search engine and I get exactly what I wanted. Thank you!
Valentina R., lawyer
Official Journal of the European Union
C series
—
C/2024/6894
25.11.2024
(Case C-200/23,
Agentsia po vpisvaniyata)
(Reference for a preliminary ruling - Protection of natural persons with regard to the processing of personal data - Regulation (EU) 2016/679 - Publication in the commercial register of a company’s constitutive instrument containing personal data - Directive (EU) 2017/1132 - Non-compulsory personal data - Lack of consent of the data subject - Right to erasure - Non-material damage)
(C/2024/6894)
Language of the case: Bulgarian
Referring court
Parties to the main proceedings
Applicant: Agentsia po vpisvaniyata
Defendant: OL
Intervening party: Varhovna administrativna prokuratura
Operative part of the judgment
1.Article 21(2) of Directive (EU) 2017/1132 of the European Parliament and of the Council of 14 June 2017 relating to certain aspects of company law must be interpreted as not imposing on a Member State an obligation to permit the disclosure, in the commercial register, of a company’s constitutive instrument subject to compulsory disclosure under that directive and containing personal data, other than the minimum personal data required, disclosure of which is not required by the law of that Member State.
2.Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), in particular Article 4(7) and (9) thereof must be interpreted as meaning that the authority responsible for maintaining the commercial register of a Member State which publishes, in that register, the personal data contained in a company’s constitutive instrument, which is subject to compulsory disclosure under Directive 2017/1132 and was transmitted to it in an application for registration of the company concerned in that register, is both a ‘recipient’ of those data and, particularly in so far as it makes them available to the public, a ‘controller’ of those data, within the meaning of that provision, even where that instrument contains personal data not required by that directive or by the law of that Member State.
3.Directive 2017/1132, in particular Article 16 thereof, and Article 17 of Regulation 2016/679 must be interpreted as precluding a Member State’s legislation or practice which leads the authority responsible for maintaining the commercial register of that Member State to refuse any request for erasure of personal data not required by that directive or by the law of that Member State, contained in a company’s constitutive instrument published in that register, where a copy of that instrument in which those data have been redacted has not been provided to that authority, contrary to the procedural rules laid down by that legislation.
4.Article 4(1) of Regulation 2016/679 must be interpreted as meaning that the handwritten signature of a natural person is covered by the concept of ‘personal data’ within the meaning of that provision.
5.Article 82(1) of Regulation 2016/679 must be interpreted as meaning that a loss of control, for a limited period, by the data subject over his or her personal data, on account of those data being made available online to the public, in the commercial register of a Member State, may suffice to cause ‘non-material damage’, provided that that data subject demonstrates that he or she has actually suffered such damage, however minimal, without that concept of ‘non-material damage’ requiring that the existence of additional tangible adverse consequences be demonstrated.
6.Article 82(3) of Regulation 2016/679 must be interpreted as meaning that an opinion of the supervisory authority of a Member State, issued on the basis of Article 58(3)(b) of that regulation, is not sufficient to exempt from liability, under Article 82(2) of that regulation, the authority responsible for maintaining the commercial register of that Member State which has the status of ‘controller’, within the meaning of Article 4(7) of that regulation.
—
(1) OJ C 223, 26.6.2023.
ELI: http://data.europa.eu/eli/C/2024/6894/oj
ISSN 1977-091X (electronic edition)
—