CJEU - T-496/13 - Colin Boyd McCullough

From GDPRhub
CJEU - T-496/13 Colin Boyd McCullough
Cjeulogo.png
Court: CJEU
Jurisdiction: European Union
Relevant Law:
Article 4(1)(b) of Regulation No 1049/2001
Article 4(3) second subparagraph of Regulation No 1049/2001
Article 8(a) or (b) Regulation No 45/2001
Decided: 11.06.2015
Parties: Colin Boyd McCullough
European Center for the Development of Vocational Training (Cedefop)
Case Number/Name: T-496/13 Colin Boyd McCullough
European Case Law Identifier: ECLI:EU:T:2015:374
Reference from:
Language: 24 EU Languages
Original Source: Judgement
Initial Contributor: Louise Pascaud

An institution, refusing access to the disclosure of a document, must explain how granting access to that document could specifically undermine the privacy and interests protected by the exception under Article 4(1)(b) of Regulation No 1049/2001.

English Summary

Facts

The claimant, Colin Boy McCullough, was an employee at the European Centre for the Development of Vocational Training (Cedefop) from 1991 to 2007. The claimant was the personal assistant of the director of the that European public authority (Cedefop) from 1997 to 2005. The European Anti-Fraud Office (OLAF) and Cedefop made allegations against him in proceedings before the Greek criminal courts in 2013. The claimant had to prepare his written defence before the Greek judge. He requested the authority to provide access to the minutes of all meetings of its Governing Board, its Bureau and the ‘Knowledge Management System’ Steering Group for the period of 2002 and 2005.

The European public authority rejected the claimant’s request, on the basis of Article 4(1)(b) (privacy and the integrity of the individual would be undermined) of Regulation 1049/2001. The applicant then sent a confirmatory application to Cedefop for access to the documents according to Article 7(2) Regulation No 1049/2001. He stated in his application that Cedefop interpreted the exceptions to the right of access too broadly and vaguely and failed to examine whether there was a specific and actual risk that the interests protected by those exceptions would be undermined.

On the 15th of July 2013, Cedefop rejected the claimant’s confirmatory application and refused access to the requested documents because it considered that the names of its governing Board and its Bureau, contained in these minutes, constituted personal data protected by Article 4(1)(b) of Regulation 1049/2001 and the Regulation No 45/2001. Thus, the access of third parties to these documents would lead to a serious violation of the privacy and the integrity of the members, their opinions and their views.

Thus, the claimant brought an action for annulment under Article 263 TFEU of the decision of Cedefop of the 15th of July 2013. He asked for the annulment of the contested decision and to order the public authority to provide him the requested documents and to pay the costs.


Holding

Preliminary considerations In its judgment, the General Court recalls that the exception found in Article 4 of Regulation No 1049/2001 must be interpreted and applied strictly. The institution refusing access to a document which it has been asked to disclose must explain how disclosure of that document could undermine the interest protected by the exception upon which it is relying. The General Court went on to establish that Regulations Nos 45/2001 and 1049/2001 do not contain any provisions granting one regulation primacy over the other and thus their full application should be ensured. In its paragraph 43, the Court underlines that “Article 4(1)(b) of Regulation No 1049/2001 is an indivisible provision and requires that any undermining of privacy and the integrity of the individual must always be examined and assessed in conformity with the EU legislation concerning the protection of personal data”. It establishes, through the case law of Bavarian Lager (C 28/08 P), that Article 4(1)(b) of Regulation No 1049/2001 establishes a specific and reinforced system of protection of a person whose personal data could be communicated to the public. Therefore, the provisions of Regulation No 45/2001 are applicable in their entirety when a request is based on Regulation No 1049/2001.

The infringement by misinterpretation of Article 4(1)(b) of Regulation No 1049/2001 • The existence of personal data and the application of Regulation No 45/2001 The Court relied on the interpretation of Bavarian Lager to explain that surnames are personal data and protected by Regulation No 45/2001. Following the precedence set by the judgment Strack (C-127/13 P), the Court mentioned that the surnames may be transferred to a third party on the basis of Regulation No 1049/2001 only where that transfer fulfils the conditions laid down in Article 8(a) or (b) of Regulation No 45/2001 and constitutes lawful processing in accordance with the requirement of Article 5 of the same Regulation. The person requesting the access must establish the necessity of transferring the requested data, in line with Bavarian Lager. In the case at hand, the claimant did not provide any information/justification as to how the submission of the requested documents containing that data would affect the national proceedings to which he is a party and the risks to which he would be exposed in procedural terms. Having failed to demonstrate the necessity of the transfer of data, the General Court rejected his argument. • The absence of any risk that the protection of the privacy of the members of Cedefop’s Governing Board and Bureau would be undermined by the disclosure of their views and opinions The Court recalls through the case law of Sweden and Turco that the exceptions to Article 4 of Regulation No 1049/2001 must be interpreted and applied strictly. Specifically, according to the interpretation of the case Sweden and Turco (C-39/05 P), the institution, which decided to refuse the access to a document which it has been asked to disclose, must explain how granting access to that document could specifically undermine the interest protected by the exception under Article 4(1)(b) of Regulation No 1049/2001. In the case at hand, the public authority did not prove that the disclosure of those views or opinions in the document could undermine the participant’s privacy and the interests protected under the mentioned provision. Thus, the General Court rejected Cedefop’s argument. Cedefop did not assess whether granting access to the requested documents would specifically and actually undermine the interest relating to the protection of privacy and the individual.

The General Court found a violation of Article 4(1)(b) of Regulation No 1049/2001. Therefore, it annulled the contested decision, and ordered Cedefop to pay its own costs as well as three quarters of the costs incurred by the claimant. Mr McCullough bear the remaining costs.


Comment

The judgment rendered by the General Court (CJEU) illustrates the interaction between Regulation No 1049/2001 and Regulation No 45/2001 when it comes to the access of European institutions’ documents and the protection of personal data relating to the privacy and the integrity of the individual. Although Regulation No 45/2001 is no longer in force, the judgment’s holding is still applicable with regards to Regulation (EU) 2018/1725.

Further Resources

Share blogs or news articles here!