Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679

Section 2.2  “Reasoned”

17. In order for the objection to be “reasoned”, it needs to include clarifications and arguments as to why an amendment of the decision is proposed (i.e. the alleged legal / factual mistakes of the draft decision). It also needs to demonstrate how the change would lead to a different conclusion as to whether there is an infringement of the GDPR or whether the envisaged action in relation to the controller or processor complies with the GDPR.

18. The CSA should provide sound reasoning for its objection, in particular, by reference to legal arguments (relying on EU law and/or relevant national law and including e.g. legal provisions, guidelines, case law) or factual arguments, where applicable. The CSA should present the fact(s) allegedly leading to a different conclusion regarding the infringement of the GDPR by the controller/processor, or the aspect of the decision that, in their view, is deficient/erroneous.

19. Moreover, an objection is “reasoned” insofar as it is able to “clearly demonstrate” the significance of the risks posed by the draft decision as described in section 3.2 below. To this end, the objection must put forward arguments or justifications concerning the consequences of issuing a decision without the changes proposed in the objection, and how such consequences would pose significant risks.

20. In order for an objection to be adequately reasoned, it should be coherent, clear, precise and detailed in explaining the reasons for objection. It should set forth, clearly and precisely, the essential facts on which the CSA based its assessment,and the link between the envisaged consequences of the draft decision (if it was to be issued ‘as is’) and the significance of the anticipated risks. Moreover, the CSA should clearly indicate which parts of the draft decision they disagree with. In cases where the objection is based on the opinion that the LSA failed to fully investigate an important fact of the case, or an additional violation of the GDPR, it would be sufficient for the CSA to present such arguments in a conclusive and substantiated manner.

21. The CSA(s) must provide all the information (facts, documents, legal arguments) on which they are relying so as to effectively present their argument. This is fundamental in order to delimit the scope of the (potential) dispute. This means that, in principle, the CSA should aim to provide a relevant and reasoned objection in one single submission supported by all the factual and legal arguments as described above. However, within the deadline set forth by Article 60 (4) GDPR the CSA can provide additional information related to the objection raised, or additional objections, bearing in mind the need to comply with the “relevantand reasoned” requirements.

Example:  The CSA submits a formal objection, but a few days later provides the LSA with additional information through the information and communication system regarding the facts of the case. Such information may only be taken into consideration by the LSA insofar as it is provided within the deadline set forth by Article 60(4) GDPR.

If the additional information amounts to a new objection, it needs to meet the “relevant and reasoned” requirements described in this section and the CSA should submit the facts, documents and legal arguments supporting the additional information.

22. If possible, as a good practice, the objection should include a new wording proposal for the LSA to consider, which in the opinion of the CSA allows to remedy the alleged infringement. This may serve to clarify the objection better in the relevant context.