Civil Society Actors as Enforcers of the GDPR: What Role for the CJEU?

This article examines the interaction between the CJEU and civil society actors in data protection cases. It first reflects on the role of such actors in legal ac-tions concerning the protection of personal data before national and EU courts, stressing their key potential to address power imbalances between in-dividuals and Big Tech companies. Then, it critically assesses the CJEU’s contribution to fostering the role of civil society in the GDPR enforcement. It demon-strates that non-governmental organizations are excluded from participation in infringement proceed-ings against Member States for failing to fulfil their obligations under the GDPR, which can be launched by the Commission under Article 258 TFEU. Further-more, such organizations cannot bring direct actions against the Commission’s delegated and implement-ing acts due to the lack of standing under Article 263 TFEU. Additionally, civil society actors have a limited ability to intervene as third parties in the legal pro-ceedings before the CJEU. However, this article con-tends that a greater involvement of these actors in legal proceedings before the CJEU is key to enhanc-ing its responsiveness to the demands of civil society. It therefore reflects on the ways to make the CJEU a more effective avenue for legal mobilization in the field of data protection.