Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • D A T Green
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Tony Curzon-Price
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina James
    • Maria Constantin
    • Sophia Yakhno
    • Rachael Machado
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

CJEU clarifies the interpretation of purpose and storage limitation principles under the GDPR

October 27, 2022By Preiskel & Co

On 20 October 2022, the Court of Justice of the European Union (“CJEU”) issued its decision in Case C-77/21 Digi Távközlési és Szolgáltató Kft. (“Digi”) v. Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information, “NAIH”), relating to the request for a preliminary ruling presented by the Court of Budapest-Capital.

Specifically, the CJEU provided clarification of how Articles 5(1)(b) and 5(1)(e) of the GDPR, which deal with the principles relating to processing of personal data, are to be construed in relation to a dispute between one of the principal internet and broadcasting service providers in Hungary and the NAIH, vis-à-vis a personal data breach in a database owned by Digi.

In its decision, the CJEU concluded that Article 5(1)(b) of the GDPR must be construed in the sense that the purpose limitation principle does not necessarily prevent the recording and storing by the data controller in a database created for the purpose of analysing and rectifying errors, of personal data collected and stored in a distinct database, provided said supplementary processing is compatible with the specific purposes for which the personal data was initially collected.

The foregoing condition must therefore be analysed in light of the standards referred to in Article 6(4) of the GDPR, i.e., taking into account:

  • the link between the purposes for which the personal data was collected and the purposes of the intended further processing;
  • the context in which the personal data was collected, in particular regarding the relationship between data subjects and the controller;
  • the nature of the personal data and whether special categories are processed;
  • the possible consequences of the intended further processing; and
  • the existence of appropriate safeguards such as encryption or pseudonymisation.

On the other hand, the CJEU resolved that Article 5(1)(e) of the GDPR must be construed in the sense that the storage limitation principle indeed impedes the data controller from storing personal data originally collected for different purposes in a database created for the purpose of running tests and rectifying errors, for a prolonged period beyond that required for conducting such analysis.

The full CJEU decision can be accessed here.

Please contact Jose Saras and Xavier Prida if you have any questions about the regulatory principles applicable to personal data processing activities.

The material in this article is only for general review of the topics covered and does not constitute legal advice. No legal or business decision should be based on its content.

Latest Preiskel & Co blog posts
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets
    March 22, 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape
    March 22, 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill
    March 17, 2023
  • Stormy weather for cloud computing in the EU
    March 16, 2023
  • Inmarsat Takeover Provisionally Cleared for Take-Off
    March 10, 2023
  • EDPB’s Feedback on the New EU-U.S. Data Privacy Framework
    March 6, 2023
  • UK Data Reform Bill to return to the House of Commons
    March 3, 2023
  • DCMS Publishes New Security and Privacy Principles for App Store Operators and Developers
    February 16, 2023
  • DPO’s Dismissal & Conflicts of Interest Under The EU GDPR – CJEU Ruling
    February 14, 2023
  • ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers
    February 6, 2023
  • General EU Requirements for Cookie Banners – EDPB Task Force Report
    January 27, 2023
  • Ofcom Launches Investigation into BT Following Suspected Breaches of Consumer Protections Post Implementation of EECC
    January 27, 2023

The Preiskel Blog

  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets 22 Mar 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape 22 Mar 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill 17 Mar 2023
  • Stormy weather for cloud computing in the EU 16 Mar 2023

Preiskel news

  • Senior Partner, Danny Preiskel, quoted by IT Pro on the costs incurred by MNOs
  • Senior Partner, Danny Preiskel, will be a panellist at GCCM Carrier Community 2023 on IOT
  • Jose Saras and Xavier Prida Awarded First Place as Data Protection Thought Leaders in the UK
  • Ronnie Preiskel chosen to judge 24 May 2023 The Tech Capital Global Awards
Preiskel tweets
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets. Find o… https://t.co/S7J7sX3kfs13 hours ago
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape. Find out more at: https://t.co/JN5P4COQ4f14 hours ago
  • Stormy weather for cloud computing in the EU. Find out more at: https://t.co/dOpC8u4wLf6 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy