Document 62022TN0354

Case T-354/22: Action brought on 9 June 2022 — Bindl v Commission

OJ C 294, 1.8.2022, p. 39–41 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

1.8.2022   

EN

Official Journal of the European Union

C 294/39


Action brought on 9 June 2022 — Bindl v Commission

(Case T-354/22)

(2022/C 294/56)

Language of the case: German

Parties

Applicant: Thomas Bindl (Munich, Germany) (represented by: T. Herbrich, lawyer)

Defendant: European Commission

Form of order sought

The applicant claims that the Court should:

declare invalid the transfers, initiated by the defendant when the applicant visited the website ‘https://futureu.europa.eu’ on 30 March 2022 and on 8 June 2022 and registered for the ‘GoGreen’ event on 30 March 2022, of the applicant’s personal data to recipients established in third countries without ensuring an adequate level of protection for the applicant, in breach of Chapter V of Regulation (EU) 2018/1725; (1)

find that the defendant unlawfully failed to act on the applicant’s request for information of 1 April 2022 regarding the defendant’s processing of his personal data and the appropriate safeguards under Article 48 of Regulation (EU) 2018/1725 relating to transfers to recipients established in third countries;

order the defendant to pay compensation in the amount of EUR 1 200,00 plus interest in the amount of 2 percentage points above the respective interest rate set by the European Central Bank for its main refinancing operations, from the date of delivery of judgment, for the damage caused to the applicant by the misapplication of Regulation (EU) 2018/1725;

order the defendant to pay the costs of the proceedings.

Pleas in law and main arguments

In support of the action, the applicant relies on five pleas in law.

1. First plea in law, alleging misapplication of the first sentence of Article 46 and of Article 48(1) and (2)(b) of Regulation (EU) 2018/1725.

The defendant transferred the applicant’s personal data to recipients established in the United States of America when the applicant visited the website ‘https://futureu.europa.eu’. The United States is a third country in respect of which the Commission has not adopted any adequacy decision.

A transfer of the applicant’s personal data to recipients established in the United States carried out on the basis of standard contractual clauses in accordance with Article 48(2)(b) of Regulation (EU) 2018/1725, in the absence of additional technical and organisational safeguards, does not constitute an appropriate safeguard ensuring an adequate level of protection in the United States.

2. Second plea in law, alleging infringement of the applicant’s fundamental rights under Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (‘the Charter’).

The limitations on the applicant’s fundamental rights under Articles 7 and 8 of the Charter, resulting from the fact that US authorities are permitted under US law to access and use data transferred from the European Union to the United States, are not regulated in such a way as to fulfil requirements that would be essentially equivalent to those existing in EU law under the second sentence of Article 52(1) of the Charter.

Neither 50 US Code § 1881a (Section 702 FISA) nor Executive Order 12333 ensures that Union citizens have the opportunity or right to oppose access to their personal data or to enforce effectively their rights under Regulation (EU) 2018/1725.

The applicant’s right of access under Article 17(1) and (2) of Regulation (EU) 2018/1725 is an essential condition for the enjoyment of his fundamental rights under Article 7 and Article 8(1) of the Charter. The defendant is depriving the applicant of the possibility of enforcing his fundamental rights due to its failure to act on his request for information. The encroachment on the fundamental rights under Article 7 and Article 8(1) of the Charter which accompanied the defendant’s failure to act is therefore not justified.

3. Third plea in law, alleging infringement of the applicant’s fundamental rights under Article 47 of the Charter.

US law does not provide for any possibility of judicial protection against access to Union citizens’ personal data by US security agencies and intelligence services.

In view of the surveillance programmes of the US security agencies and intelligence services — for example, PRISM and UPSTREAM — which are based on 50 US Code § 1881a (Section 702 FISA) and Executive Order 12333, neither Presidential Policy Directive 28 nor Executive Order 12333 grants data subjects actionable rights before the courts against the US authorities.

4. Fourth plea in law, alleging misapplication of Article 17(1) and (2) of Regulation (EU) 2018/1725 and of Article 14(3) and (4) of Regulation (EU) 2018/1725.

The defendant unlawfully failed to provide the applicant, following his request for information of 1 April 2022, with the information referred to in Article 17(1) and (2) of Regulation (EU) 2018/1725, in particular regarding the safeguards under Article 48 of Regulation (EU) 2018/1725, within the one-month period in accordance with the first sentence of Article 14(3) of Regulation (EU) 2018/1725.

The defendant unlawfully failed either to communicate to the applicant under the second sentence of Article 14(3) of Regulation (EU) 2018/1725 the reasons for a possible extension of the period for providing the information, or to inform the applicant under Article 14(3) and (4) of Regulation (EU) 2018/1725, within one month of receipt of the request, of the grounds for refusing to provide the information and of judicial and non-judicial remedies.

5. Fifth plea in law, alleging non-material damage.

The applicant claims that he suffered non-material damage in the amount of EUR 1 200 by reason of the defendant’s refusal to provide the requested information, the uncontrolled transfer of the applicant’s personal data by the defendant to recipients established in the United States, and the associated uncertainty regarding unlawful surveillance of Internet traffic.


(1)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ 2018 L 295, p. 39).

