28.3.2022   

EN

Official Journal of the European Union

C 138/19


Request for a preliminary ruling from the Verwaltungsgerichtshof (Austria) lodged on 14 January 2022 — Datenschutzbehörde (Austria)

(Case C-33/22)

(2022/C 138/22)

Language of the case: German

Referring court

Verwaltungsgerichtshof

Parties to the main proceedings

Appellant on a point of law: Datenschutzbehörde (Austria)

Other parties to the proceedings: WK; President of the Nationalrat

Questions referred

1.

Do activities of a committee of inquiry set up by a Parliament of a Member State in the exercise of its right to scrutinise the executive fall within the scope of EU law within the meaning of the first sentence of Article 16(2) TFEU, irrespective of the subject matter of the inquiry, with the result that Regulation (EU) 2016/679 (1) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (General Data Protection Regulation; ‘the GDPR’) is applicable to the processing of personal data by a parliamentary committee of inquiry of a Member State?

If Question 1 is answered in the affirmative:

2.

Do activities of a committee of inquiry which has been set up by a Parliament of a Member State in the exercise of its right to scrutinise the executive and which has as the subject matter of its inquiry the activities of a police State-protection authority, that is to say, activities concerning the protection of national security within the meaning of recital 16 of the GDPR, come within the scope of the exception set out in Article 2(2)(a) of the GDPR?

If Question 2 is answered in the negative:

3.

If — as in the present case — a Member State has established only one single supervisory authority in accordance with Article 51(1) of the GDPR, does the competence of that authority in respect of complaints within the meaning of Article 77(1) of the GDPR, in conjunction with Article 55(1) thereof, already arise directly from the GDPR?


(1)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1).