Commission v. Bavarian Lager (appeal)
The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.
The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).
C-28/08, Commission v. Bavarian Lager Co., 29.6.10
Application of Article 4(1)(b) of Reg. 1049/2001: General Court erred in limiting application of the exception in Art. 4(1)(b) to situations in which privacy or the integrity of the individual would be infringed for the purposes of Article 8 of the ECHR and the case law of the European Court of Human Rights, without taking into account the legislation of the EU concerning the protection of PD, particularly Reg. 45/2001. It disregarded the wording of the Article, which is an indivisible provision and requires that any undermining of privacy and the integrity of the individual must always be examined and assessed in conformity with the EU DP legislation. The Article establishes a specific and reinforced system of protection of a person whose PD could, in certain cases, be communicated to the public.
Recital 15 of Reg. 45/2001 indicates legislative intent that Art. 6 TEU and thereby Art. 8 ECHR should apply where processing is carried out in the exercise of activities outside the scope of Reg. 45/2001 (Titles V and VI of pre-Lisbon TEU). Such reference was unnecessary for activities within scope of Reg. 45/2001. Thus, where request based on Reg. 1049/2001 seeks access to documents including PD, Reg. 45/2001 becomes applicable in its entirety, including Articles 8 and 18. The General Court erred in dismissing the application of Art. 8(b) and 18 of Reg. 45/2001, and its decision does not correspond to the equilibrium which the legislator intended to establish between the two Regs.
Commission was right to verify whether DSs had given their consent to disclosure of PD concerning them. By releasing the expurgated version of the minutes, with the names of 5 participants removed (3 could not be contacted, 2 objected), Commission did not infringe Reg. 1049/2001 and complied with its duty of openness. By requiring that regarding these 5 persons, the applicant establish the necessity for those PD to be transferred, Commission complied with provisions of Art. 8(b) of Reg. 45/2001. As no necessity was provided, Commission was not able to weigh up the various interests of the parties concerned, nor to verify whether there was any reason to assume that the DSs’ legitimate interests might be prejudiced, as required by Art. 8(b)
Definition of PD: General Court correctly held that surnames and forenames may be regarded as PD. Thus list of names of participants in meeting is personal data, since persons can be identified. Definition of processing PD: Communication of PD in response to a request for access to documents constitutes processing.
Opinion of Advocate General Sharpston, 15.10.2009
Scope of Reg. 45/2001 under Art. 3: Art. 3(2) should be construed to define the circumstances in which the Reg. applies (“the processing of personal data wholly or partly by automatic means and . . . the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system.”) Such processing of PD by all Community institutions is then covered (applying Art. 3(1)) insofar as it is “carried out in the exercise of activities all or part of which fall within the scope of Community law.” Other circumstances are not covered by Reg. 45/2001; they should be dealt with under Reg. 1049/2001, where requests are made to Community institutions for access to documents.
Applicability of Reg. 1049/2001 vs. Reg. 45/2001 in request for access to documents: B- 1 documents contain an incidental mention of PD, where the primary purpose of compiling the document has little to do with PD. Raison d’etre of such documents is to store information in which PD are of minimal importance. B-2 documents contain large quantity of PD (eg a list of persons and their characteristics). Raison d’etre of such documents is to gather together such PD.
• Applications for B-1 documents should be handled under Reg. 1049/2001; for B-2 documents, under Reg. 45/2001, because within its scope by virtue of Art. 3(2).
• Requests for B-1 documents do not require a reason, by virtue of Art. 6(1) of Reg. 49/2001; for B-2 documents, will have to demonstrate the need for transfer of data, in accordance with Art. 8(b) of Reg. 45/2001.
• Art. 8 ECHR (including justification test, where interference with privacy exists) must be applied with respect to application for B-1 documents to determine whether PD must be redacted, following Art. 4(1)(b) of Reg. 45/2001; B-2 documents will be subject to procedure outlined in Reg. 45/2001: processing must be lawful within meaning of Art. 5; applicant will have to give reasons in accordance with Art. 8; Art. will apply for applications from non-MSs or non-Community international organisations; Art. 10 regarding sensitive data applies; and Art. 18 requires the institution to inform the DS that he can object to processing.
• Disclosure under Reg. 1049/2001 of B-1 documents is erga omnes; Disclosure under Reg. 45/2001 of B-2 documents is case-by-case and not erga omnes.
Art. 4(1)(b) exception: 1st part of exception applies to B-1 and B-2 documents; 2nd part applies only to B-2 documents.
Credits and acknowledgment go to Laraine Laudati, OLAF DPO.
Stay tuned for the case law.
Any questions can be submitted to: email@example.com
Additional information can be found at: www.e-crimeexppert.com
What do you think about the findings? Do you think that the applicant was right?
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.
- @k3rstin Hi Kerstin. Im fine thank you. Still in Brussels. Can we collaborate on any project/assignment? Best regards, Dan. 1 year ago
- 6 Essential Tips on How to Prevent Online Shopping Fraud wp.me/p1N1s0-jD 3 years ago
- Cyberbullying wp.me/p1N1s0-jz 3 years ago
- 10 Ways to Prevent Your Identity From Being Stolen wp.me/p1N1s0-jv 3 years ago
- Infographic-Privacy and Security on Facebook wp.me/p1N1s0-jp 3 years ago