An article by Roberta D’Ercole and Lorenzo Scapellato on Agenda Digitale discusses the concept of direct judicial protection under GDPR, clarifying when an individual can go directly to court, bypassing the Data Protection Authority. According to Article 79 of the EU Regulation 2016/679, a person who believes their personal data rights have been violated is not required to lodge a complaint first with the administrative authority.
The authors highlight challenges particularly in cross-border data processing or when multiple parallel proceedings are ongoing in different member states. There are also uncertainties regarding territorial jurisdiction, coordination between national authorities and courts, and the timelines for achieving effective legal remedies.
This framework offers individuals a dual set of protection mechanisms: administrative complaint and judicial remedy, which can be exercised alternately. Companies and data controllers thus face the task of aligning internal processes, decisions and privacy notices with this judicial dimension, while ensuring transparency and fairness.
The full article by Roberta D’Ercole and Lorenzo Scapellato is available on Agenda Digitale:
GDPR, quando “bypassare” il Garante: la tutela giurisdizionale diretta
