Читать книгу Privacy and Data Protection based on the GDPR - Leo Besemer - Страница 48

“… an establishment in the Union, …”

Оглавление

The regulation does not provide a definition of “establishment” for the purpose of Article 3. GDPR Recital (22), however, clarifies that an “establishment implies the effective and real exercise of activities through stable arrangements. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in that respect”.

The Court of Justice of the European Union (CJEU) has ruled in the past on exactly the same formulation in Directive 95/46/EC that the notion of establishment extends to any real and effective activity—even a minimal one—exercised through stable arrangements. In an EDPB publication (EDPB 3/2018) it is explained that the threshold for “a stable arrangement” can be quite low when the center of activities concerns the provision of online services. One single employee or agent of the non-EU entity, acting within the Union and with a sufficient degree of stability, may be enough to make it “activities of an establishment of a controller or processor” in the Union.

Example: A multi-national food company is based in the USA. Its European main office is located in Amsterdam, the Netherlands. The Amsterdam office oversees all operations of the company in Europe, including marketing and advertisement.

The Amsterdam office can be considered a stable arrangement which exercises real and effective activities in the context of the economic activity carried out by the food company. As such, the Amsterdam office should be considered an establishment in the Union, within the meaning of the GDPR.

Privacy and Data Protection based on the GDPR

Подняться наверх