ECJ: Every person has the right to know to whom his or her personal data have been disclosed.

According to ECJ's Judgment (12/1/2023) in Case C-154/21 (Österreichische Post), every person has the right to know to whom his or her personal data have been disclosed. Nevertheless, the controller may indicate only the categories of recipient if it is impossible to identify the recipients or the request is manifestly unfounded or excessive. 

A citizen requested Österreichische Post, the principal operator of postal and logistical services in Austria, to disclose to him the identity of the recipients to whom it had disclosed his personal data. He relied on the EU General Data Protection Regulation (GDPR). That regulation provides that the data subject has the right to obtain from the controller information about the recipients or categories of recipient to whom his or her personal data have been or will be disclosed. 

In response to the citizen’s request, Österreichische Post merely stated that it uses personal data, to the extent permissible by law, in the course of its activities as a publisher of telephone directories and that it offers those personal data to trading partners for marketing purposes. The citizen therefore brought proceedings against Österreichische Post before the Austrian courts. 

During the judicial proceedings, Österreichische Post further informed the citizen that his data had been forwarded to customers, including advertisers trading via mail order and stationary outlets, IT companies, mailing list providers and associations such as charitable organisations, non-governmental organisations (NGOs) or political parties. 

The Oberster Gerichtshof (Supreme Court, Austria), hearing the dispute at last instance, wishes to know whether the GDPR leaves the data controller the choice to disclose either the specific identity of the recipients or only the categories of recipient, or whether it gives the data subject the right to know their specific identity. 

In its judgment, the Court replies that where personal data have been or will be disclosed to recipients, there is an obligation on the part of the controller to provide the data subject, on request, with the actual identity of those recipients. It is only where it is not (yet) possible to identify those recipients that the controller may indicate only the categories of recipient in question. That is also the case where the controller demonstrates that the request is manifestly unfounded or excessive. 

The Court points out that the data subject’s right of access is necessary to enable the data subject to exercise other rights conferred by the GDPR, namely his or her right to rectification, right to erasure (‘right to be forgotten’), right to restriction of processing, right to object to processing or right of action where he or she suffers damage. (source: curia.europa.eu / photo: freepik.com)

Comments

Post a Comment

Editorial

Editorial
George Kazoleas, Lawyer

Top Stories

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

Image
The European Ombudsman inquiry into the Commission’s handling of a request for text messages between its President and the CEO of a pharmaceutical company is a wake-up call for all EU institutions about ensuring accountability in an era of instant messaging. One year after the initial request by a journalist, the Commission has still not clarified whether messages reported to concern major vaccine procurement deals exist and whether the public is entitled to see them. The Ombudsman had asked the Commission, in a finding of maladministration in January, to conduct a more thorough search for the text messages. The Commission’s recent response failed to say whether it had looked directly and correctly for the text messages and if not, why not. While the response recognised that work-related text messages can be EU documents, it reiterated that the Commission’s internal policy is, in effect, not to register text messages. The Ombudsman has closed  the inquiry  and upheld her find
Read more

Graduate Programme 2024 for EU Nationals in European Central Bank

Image
European Central Bank (ECB) is looking for 15 highly talented recent graduates with a postgraduate degree, eventually a PhD, for the ECB’s Graduate Programme offering full time monthly net salary €4,611 plus benefits. General Information  Type of contract: Two-year fixed-term contract starting on 1 September. It may be extended for one additional year upon successful completion of the programme. Who can apply?  EU nationals Salary  E/F (bracket 1 - step 1) full time monthly net salary: €4,611 plus benefits, for further information see  here . Working time:  Full time Place of work:  Frankfurt am Main, Germany Closing date:  21.02.2024 ECB is looking for 15 highly talented recent graduates with a postgraduate degree, eventually a PhD, for the ECB’s Graduate Programme.  You will have different ages, backgrounds and interests and will find intellectual challenges, varied opportunities and a people-centred working culture that gives you a voice and the chance to make an i
Read more

Gigantic fine for unfair practices imposed on Booking.com by the Competition Authority of Hungary

Image
One of the highest fines for violation of unfair competition law has been imposed (28/4/2020) on online hotel booking platform ‘’Booking.com’’ by the Hungarian Competition Authority. The amount of the fine (approximately EUR 6 million / HUF 2.5 billion) imposed by the Authority illustrates the seriousness of the Dutch company's violations. The Hungarian Competition Authority (GVH) imposed a fine of HUF 2.5 billion on the operator of the online booking portal booking.com, and at the same time banned the Dutch company from continuing its aggressive sales methods. According to the decision of the competition authority, Booking.com B.V. engaged in unfair commercial practices against consumers by, among other things, misleadingly advertising some of its accommodations with a free cancellation option and exerting undue psychological pressure on consumers to make early bookings. As a result of the Competition Authority’s competition supervision proceeding  initiated in 2018, the autho
Read more

The Lawyer's right to refuse the defense of an accused person for ethical reasons

Image
by Giorgos Kazoleas, Lawyer LL.M. Lawyers have the right to refuse to undertake a case when it conflicts with their moral principles, their dignity and conscience. Both the Code of Lawyers in Greece and the Code of Lawyers 'Ethics in Cyprus provide the legal framework to support this choice.   The Greek Legislation The lawyer's right to refuse the defense of a specific defendant in a criminal trial clearly follows from the wording of article 37 of the Lawyers' Code (Law 4194/2013). According to paragraph 1 of this article, the lawyer has an obligation to undertake any case, unless it is manifestly unfounded, not amenable to defense, conflicts with the interests of other clients or goes against his/her principles. According to paragraph 2, the lawyer must undertake the defense of any accused, if requested by the judicial authorities, subject to paragraph 1. The reasons for refusing to undertake a case are expanded by article 6 of the Greek Code of Ethics of the Legal Pro
Read more

First judgment of the ECHR: Lawless v. Ireland

Image
60 years ago, on 14 November 1960, the Court delivered its first judgment, Lawless v. Ireland, with René Cassin as its President. The judgment concerned preliminary objections and procedural questions regarding the application, on which a judgment on the merits was delivered the following year. Since its inauguration the Court has delivered 23,291 judgments on just over 51,650 applications. The case was filed by Gerard Richard Lawless, who had been an IRA member, although he claimed to have left the IRA. He was arrested on 11 July 1957, as he was about to travel to Great Britain from Ireland, and subsequently detained under the special powers of indefinite detention without trial under the Offences against the State (Amendment) Act 1940. The case was filed by Lawless for violation, by the Irish Government, of Articles 5, 6 and 7 of the European Convention of Human Rights, providing rights to liberty and security, fair trial and the principle of 'no punishment without law'
Read more

Nepotism and favouritism in the legal profession

Image
by Giorgos Kazoleas, Lawyer Nepotism in the legal profession is not only a domestic but a global phenomenon with timeless characteristics. Lack of meritocracy and favouritism during the process of recruitment and professional development of lawyers have common sources of nepotism and clientelism. Even in countries with advanced legal systems, such as the USA, the phenomenon of placing relatives and friends in high positions in law firms is very common. In the southern countries of Europe, nepotism stems mainly from family-oriented concepts deeply rooted in the subconscious of the societies. In smaller populated countries the phenomenon of employers' relatives and friends being preferred for jobs in law firms is more than common. In countries like India, the phenomenon of nepotism in the legal profession has particularly concerned the legal community, as there is a stronghold of a few privileged and powerful families which prevails  in the legal profession. Among lawyers and jud
Read more

The national legislation under which independent companies established in another Member State are excluded from copyright management is incompatible with EU law (ECJ)

Image
According to the Judgment of the European Court of Justice in Case C-10/22, the national legislation under which independent companies established in another Member State are excluded from copyright management is incompatible with EU law. The legislation constitutes a restriction on the freedom to provide services that is neither justified nor proportionate. LEA is a collective management organisation that is governed by Italian law and authorised to operate in the field of copyright intermediation in Italy. Jamendo, a company incorporated under Luxembourg law, is an independent copyright management entity which has been operating in Italy since 2004.  LEA applied to the Rome District Court for an order requiring Jamendo to cease its copyright intermediation activity in Italy. According to Italian legislation, that activity is reserved exclusively to the Italian society of authors and publishers and to the other collective management organisations listed, such as LEA, whereas independe
Read more