Language of document :

Request for a preliminary ruling from the Administratīvā apgabaltiesa (Latvia) lodged on 14 April 2020 — SIA SS v Valsts ieņēmumu dienests

(Case C-175/20)

Language of the case: Latvian

Referring court

Administratīvā apgabaltiesa

Parties to the main proceedings

Applicant: SIA SS

Defendant: Valsts ieņēmumu dienests

Questions referred

Must the requirements laid down in the General Data Protection Regulation 1 be interpreted as meaning that a request for information issued by a tax authority, such as the request at issue in this case, which seeks the disclosure of information containing a considerable amount of personal data, must comply with the requirements laid down in the General Data Protection Regulation (in particular Article 5(1) thereof)?

Must the requirements laid down in the General Data Protection Regulation be interpreted as meaning that the Tax Administration may depart from the provisions of Article 5(1) of that regulation even though the legislation in force in the Republic of Latvia does not empower it to do so?

For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested in an undefined amount and for an undefined period of time, in the case where there is no prescribed expiry date for the fulfilment of that request for information?

For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested even if the request for information does not (or does not fully) specify the purpose of disclosing that information?

For the purposes of interpreting the requirements laid down in the General Data Protection Regulation, can there be considered to be a legitimate objective justifying the obligation, imposed by a request for information such as that at issue in this case, to provide all of the data requested even if that request relates in practice to absolutely all data subjects who have published advertisements in the ‘Motor Vehicles’ section of a portal?

What criteria must be used to verify that a tax authority, acting as controller, is duly ensuring that the processing of data (including the collection of information) is compliant with the requirements laid down in the General Data Protection Regulation?

What criteria must be used to verify that a request for information such as that at issue in this case is duly reasoned and occasional?

What criteria must be used to verify that personal data are being processed to the extent necessary and in a manner compatible with the requirements laid down in the General Data Protection Regulation?

What criteria must be used to verify that a tax authority, acting as controller, ensures that data are processed in accordance with the requirements laid down in Article 5(1) of the General Data Protection Regulation (accountability)?

____________

1     Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1).