Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679

SECTION 2  «RELEVANT AND REASONED» OBJECTION

5. Article 4(24) GDPR defines “relevant and reasoned objection” as an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to thecontroller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union”.

6. This concept serves as a threshold in situations where CSAs aim to object to a (revised) draft decision to be adopted by the LSA under Article 60 GDPR. As the unfamiliarity surrounding “what constitutes relevant and reasoned objection” has the potential to create misunderstandings and inconsistent applications by the supervisory authorities, the EU legislator suggested that the EDPB should issue guidelines on this concept(end of Recital 124 GDPR).

7. An objection submitted by a CSA should indicate each part of the draft decision that is considered deficient, erroneous or lacking some necessary elements, either by referring to specific articles/paragraphs or by other clear indication, and showing why such issues are to be deemed “relevant” as further explained below. Therefore, the objection aims, first of all, at pointing out how and why according to the CSA the draft decision does not appropriately address the situation of infringement of the GDPR and/or does not envision appropriate action towards the controller orprocessor. The proposals for amendments put forward by the objection should aim to remedy these errors.

8. Indeed, the degree of detail of the objection and the depth of the analysis included therein may be affected by the degree of detail in the content of the draft decision and by the degree of involvement of the CSA in the process leading to the draft decision issued by the LSA. Therefore, the standard of “relevant and reasoned objection” is grounded on the assumption that the LSA’s obligation to exchange all relevant information is complied with, allowing the CSA(s) to have an in-depth understanding of the case and therefore to submit a solid and well-reasoned objection. To this end, the need for each legally binding measure of SAs to “give the reasons for the measure” (see Recital 129 GDPR) should also be kept in mind. The degree of involvement of the CSA in the process leading to the draft decision, if it leads to an insufficient knowledge of all the aspects of the case, can therefore be considered as an element to determine the degree of detail of the relevant and reasoned objection in a more flexible way.

9. The EDPB would first like to emphasise that the focus of all SAs involved should be on eliminating any deficiencies in the consensus-building process in such a way that a consensual draft decision is the result. Whilst acknowledging that raising an objection is not the most preferable tool to remedy an insufficient degree of cooperation in the preceding stages of the OSS proceeding, the EDPB nevertheless acknowledges that it is an option open to CSAs. This would be a last resort to also remedy (alleged) deficiencies in terms of their involvement by the LSA in the process that should have led to a consensus-based draft decision, including as regards the legal reasoning and the scope of the investigations carried out by the LSA in respect of the case at hand.

10. The GDPR requires the CSA to justify its position on the draft decision by submitting an objection that is “relevant” and “reasoned”. It is crucial to bear in mind that the two requirements, “reasoned” and “relevant”, are to be deemed cumulative, i.e. both of them have to be met. Consequently, Article 60 (4) requires the LSA to submit the matter to the EDPB consistency mechanism when it is of the opinion that the objection does not meet at least one of the two elements.

11. The EDPB strongly advises the SAs to raise their objections and exchange information through the information and communication system set up for the exchange of information among SAs. They should be clearly marked as such by using the specific dedicated functions and tools.